Mess of adchoices, scams, pop ups and wtf's


This topic is locked
14 replies to this topic

#1 ishtar (Members, 23 posts, Brisbane)

Posted 20 February 2015 - 08:12 PM

Hey All Gurus,

My PC has been crippled by a mess of spyware and who knows what else. I thought I had a reasonable handle on getting rid of it, but alas it has defeated me. The frustrating thing is, I don't know how the infection was obtained; however, I suspect my 12-year-old who "only plays games" may have been involved.... I took the liberty of running the awesome Farbar tool, and here are its findings...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Andrew (administrator) on MANGO on 21-02-2015 10:58:21
Running from C:\Users\Andrew\Desktop\Anti Malware
Loaded Profiles: Andrew (Available profiles: Andrew)
Platform: Windows 8.1 Pro (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Softland) C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\Oculus\Service\OVRService_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oculus VR, Inc) C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(VntNet) C:\Program Files (x86)\VntNet\Power Switcher Alpha\PowerSchemeSwitcher.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\Run: [Leap Control Panel] => C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe [3625808 2015-02-20] (Leap Motion, Inc.)
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\Run: [GoogleChromeAutoLaunch_AF2E2510EC2DA94726BF08BC757DFE33] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-18] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OculusConfigUtil.lnk
ShortcutTarget: OculusConfigUtil.lnk -> C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe (Oculus VR, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerSwitch.lnk
ShortcutTarget: PowerSwitch.lnk -> C:\Windows\Installer\{57E62977-39DC-4F5D-BDEB-101DE4564507}\_797E8DB853A3BB846B8366.exe ()
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Andrew\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2765525924-2405767281-2402993251-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-07-20]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M44A84FA6-3215-4482-8F29-7C7B5242A955&SearchSource=55&CUI=&UM=5&UP=SPC06785EA-5438-47CB-8A22-BB1C6F682370&SSPV=", "hxxp://www.news.com.au/", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422695442&from=adks&uid=PLEXTORXPX-256M5S_P02310103277", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422695451&from=adks&uid=PLEXTORXPX-256M5S_P02310103277"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26]
CHR Extension: (Splendid) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd [2013-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-04]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26]
CHR Extension: (Logitech SetPoint) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-07-20]
CHR Extension: (Pin It Button) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-05-01]
CHR Extension: (Windows 8 App Store) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\japaekjghocnlanfbegjmokjiinnpdfi [2015-02-20]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-07-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 763bdca1; c:\Program Files (x86)\SystemMuscle\SystemMuscle.dll [1555968 2015-02-19] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [862592 2015-02-19] ()
S2 FBackup5Srv; C:\Program Files (x86)\Softland\FBackup 5\bService.exe [2742352 2013-12-16] (Softland)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe [10083840 2015-02-20] (Leap Motion, Inc.) [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-15] (Overwolf LTD)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-04-26] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\drivers\61883.sys [59904 2013-08-22] (Microsoft Corporation)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
S3 BrSerIf; C:\Windows\system32\DRIVERS\BrSerIf.sys [97280 2006-09-03] (Brother Industries Ltd.)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2014-10-11] (JMicron Technology Corp.)
R1 RiftEnabler; C:\Windows\system32\DRIVERS\RiftEnabler.sys [70160 2014-08-07] (Oculus VR, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 10:47 - 2015-02-21 10:47 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieBrowserModeList
2015-02-21 10:39 - 2015-02-21 10:58 - 00000000 ____D () C:\FRST
2015-02-21 10:33 - 2015-02-21 10:33 - 00000627 _____ () C:\Users\Andrew\Desktop\JRT.txt
2015-02-20 21:02 - 2015-02-20 21:02 - 00000346 _____ () C:\WINDOWS\PFRO.log
2015-02-20 19:37 - 2015-02-20 20:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-20 19:37 - 2015-02-20 19:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-20 19:37 - 2015-02-20 19:37 - 00001413 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-20 19:37 - 2015-02-20 19:37 - 00001401 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-20 19:37 - 2015-02-20 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-20 19:37 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-02-20 19:32 - 2015-02-20 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
2015-02-20 19:31 - 2015-02-21 10:29 - 00002613 _____ () C:\WINDOWS\setupact.log
2015-02-20 19:31 - 2015-02-20 19:32 - 00008872 _____ () C:\WINDOWS\DPINST.LOG
2015-02-20 19:31 - 2015-02-20 19:31 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-20 19:21 - 2015-02-20 19:36 - 00001996 _____ () C:\Users\Andrew\Desktop\Rkill.txt
2015-02-20 17:44 - 2015-02-20 17:44 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Steam
2015-02-20 10:04 - 2015-02-20 10:04 - 00000000 ____D () C:\Program Files (x86)\Windows 8 App Store
2015-02-19 15:25 - 2015-02-19 18:23 - 00000020 _____ () C:\Users\Andrew\AppData\Roaming\appdataFr3.bin
2015-02-19 14:56 - 2015-02-19 14:56 - 00000000 ____D () C:\Program Files (x86)\SystemMuscle
2015-02-13 18:11 - 2015-01-23 14:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 18:11 - 2015-01-23 13:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-13 15:47 - 2015-02-20 11:20 - 00000000 ____D () C:\Users\Andrew\AppData\Local\CrashDumps
2015-02-11 18:48 - 2015-01-20 04:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 18:48 - 2015-01-16 08:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 18:48 - 2015-01-16 08:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 18:48 - 2015-01-14 14:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 18:48 - 2015-01-14 13:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 18:48 - 2015-01-14 08:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 18:48 - 2015-01-14 08:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 18:48 - 2015-01-12 13:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 18:48 - 2015-01-12 12:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 18:48 - 2015-01-12 12:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 18:48 - 2015-01-12 12:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 18:48 - 2015-01-12 12:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 18:48 - 2015-01-12 12:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 18:48 - 2015-01-12 12:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 18:48 - 2015-01-12 12:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 18:48 - 2015-01-12 12:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 18:48 - 2015-01-12 12:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 18:48 - 2015-01-12 12:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 18:48 - 2015-01-12 11:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 18:48 - 2015-01-12 11:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 18:48 - 2015-01-12 11:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 18:48 - 2015-01-12 11:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 18:48 - 2015-01-12 11:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 18:48 - 2015-01-12 11:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 18:48 - 2015-01-12 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 18:48 - 2015-01-12 11:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 18:48 - 2015-01-12 11:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 18:48 - 2015-01-12 11:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 18:48 - 2015-01-12 11:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 18:48 - 2015-01-12 11:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 18:48 - 2015-01-12 11:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 18:48 - 2015-01-12 11:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 18:48 - 2015-01-12 11:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 18:48 - 2015-01-12 11:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 18:48 - 2015-01-12 11:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 18:48 - 2015-01-12 11:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 18:48 - 2015-01-12 11:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 18:48 - 2015-01-12 11:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 18:48 - 2015-01-12 11:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 18:48 - 2015-01-12 10:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 18:48 - 2015-01-12 10:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 18:48 - 2015-01-10 19:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 18:48 - 2015-01-10 19:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 18:48 - 2015-01-10 18:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 18:48 - 2015-01-10 17:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 18:48 - 2015-01-10 16:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 18:48 - 2014-12-19 18:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 18:48 - 2014-12-19 18:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 18:48 - 2014-12-09 13:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 18:48 - 2014-12-09 11:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 18:48 - 2014-12-09 09:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 18:48 - 2014-10-29 12:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 18:48 - 2014-10-29 12:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 18:48 - 2014-10-29 12:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 18:48 - 2014-10-29 12:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 18:48 - 2014-10-29 12:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 18:48 - 2014-10-29 12:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 18:48 - 2014-10-29 11:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 18:48 - 2014-10-29 11:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 18:48 - 2014-10-29 11:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 18:48 - 2014-10-29 11:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 18:48 - 2014-10-29 11:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 18:48 - 2014-10-29 11:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 18:48 - 2014-10-29 11:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 18:47 - 2015-01-10 18:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-01-31 19:56 - 2015-02-20 20:11 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 19:56 - 2015-01-31 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 19:56 - 2015-01-31 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 19:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-31 19:56 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-31 19:51 - 2015-01-31 19:51 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-01-31 19:51 - 2015-01-31 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-31 19:51 - 2015-01-31 19:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-31 19:37 - 2015-02-19 14:56 - 00000000 ____D () C:\ProgramData\2a6351800001b1c
2015-01-31 19:27 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\Norton
2015-01-31 19:08 - 2015-02-20 11:08 - 00000000 ____D () C:\ProgramData\{6630045c-8da5-577e-6630-0045c8da1172}
2015-01-28 15:23 - 2015-01-28 15:23 - 00000320 _____ () C:\Users\Andrew\Desktop\MyHarmony.appref-ms
2015-01-28 15:23 - 2015-01-28 15:23 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-28 15:22 - 2015-01-28 19:06 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Deployment
2015-01-28 15:22 - 2015-01-28 15:22 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Apps\2.0

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 10:58 - 2014-10-26 10:10 - 00000000 ____D () C:\Users\Andrew\Desktop\Anti Malware
2015-02-21 10:45 - 2013-12-18 11:54 - 01625338 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-21 10:44 - 2013-06-26 20:15 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 10:37 - 2013-06-25 17:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2765525924-2405767281-2402993251-1001
2015-02-21 10:36 - 2013-11-14 22:43 - 00871904 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-21 10:35 - 2014-04-05 13:25 - 00000000 ____D () C:\ProgramData\Leap Motion
2015-02-21 10:30 - 2014-04-10 11:35 - 00000000 ___RD () C:\Users\Andrew\SkyDrive
2015-02-21 10:29 - 2014-03-06 17:26 - 00000000 ____D () C:\AdwCleaner
2015-02-21 10:29 - 2013-08-23 00:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-21 10:29 - 2013-08-22 23:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-21 10:29 - 2013-06-26 20:15 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 10:25 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-21 10:12 - 2014-08-13 08:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-21 10:02 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-21 01:45 - 2013-06-26 20:15 - 00002209 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 21:17 - 2014-07-02 14:11 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\TS3Client
2015-02-20 21:03 - 2015-01-08 19:27 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Curse Client
2015-02-20 19:32 - 2014-10-05 13:58 - 00001272 _____ () C:\Users\Public\Desktop\Leap Motion App Home.lnk
2015-02-20 19:32 - 2014-04-05 13:25 - 00000000 ____D () C:\Program Files (x86)\Leap Motion
2015-02-20 19:32 - 2013-07-01 20:33 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-02-20 19:30 - 2013-12-28 11:38 - 00349184 ___SH () C:\Users\Andrew\Desktop\Thumbs.db
2015-02-20 11:32 - 2013-12-18 11:49 - 00000000 ____D () C:\Users\Andrew
2015-02-20 11:20 - 2014-06-10 11:06 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\uTorrent
2015-02-20 11:09 - 2014-05-14 16:27 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-02-19 18:41 - 2013-12-01 21:19 - 00000000 ____D () C:\Users\Andrew\AppData\Local\ArmA 2 OA
2015-02-17 15:26 - 2013-06-28 21:50 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\.minecraft
2015-02-14 06:40 - 2012-07-26 17:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 20:01 - 2014-04-25 22:00 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2015-02-13 20:01 - 2014-04-25 20:54 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-02-13 16:29 - 2014-04-25 20:54 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-02-13 11:15 - 2013-08-23 00:44 - 00481208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 21:23 - 2013-07-17 20:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 21:23 - 2013-06-26 21:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 21:14 - 2013-06-26 20:04 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-06 15:27 - 2013-07-25 11:39 - 00000000 ____D () C:\Users\Andrew\Desktop\GAMES ;D
2015-02-05 15:12 - 2014-08-13 08:05 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-05 14:39 - 2013-06-26 20:15 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:39 - 2013-06-26 20:15 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 05:31 - 2013-08-23 01:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-04 05:31 - 2013-08-23 01:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 23:56 - 2014-05-16 17:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\ArmA 2
2015-01-31 20:13 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-01-31 20:12 - 2014-12-12 19:17 - 00000000 ____D () C:\Program Files (x86)\Free Easy CD DVD Burner
2015-01-31 19:56 - 2014-03-06 17:45 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Malwarebytes
2015-01-31 19:56 - 2014-03-06 17:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 19:53 - 2013-08-04 19:26 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Azureus
2015-01-31 19:52 - 2014-02-01 09:35 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-31 19:52 - 2013-12-18 21:47 - 00000000 ___DC () C:\WINDOWS\Panther
2015-01-31 19:35 - 2012-07-26 15:26 - 00000269 _____ () C:\WINDOWS\win.ini
2015-01-31 19:33 - 2013-08-22 23:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-31 19:33 - 2012-07-26 18:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-31 19:32 - 2013-12-18 11:59 - 00001452 _____ () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 18:40 - 2014-11-27 07:55 - 00002064 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-27 18:40 - 2014-11-27 07:55 - 00002062 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-27 18:40 - 2014-11-27 07:55 - 00002052 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-27 18:40 - 2014-11-27 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 20:12 - 2014-07-02 14:11 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-26 11:06 - 2014-11-07 19:28 - 00000000 ____D () C:\Users\Andrew\AppData\Local\PAYDAY 2

==================== Files in the root of some directories =======

2015-02-19 15:25 - 2015-02-19 18:23 - 0000020 _____ () C:\Users\Andrew\AppData\Roaming\appdataFr3.bin
2014-03-02 13:47 - 2014-03-03 16:47 - 0000087 _____ () C:\Users\Andrew\AppData\Roaming\WB.CFG
2013-08-11 20:58 - 2013-12-18 09:32 - 0007609 _____ () C:\Users\Andrew\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-20 20:16

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Andrew at 2015-02-21 10:58:42
Running from C:\Users\Andrew\Desktop\Anti Malware
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
µTorrent (HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Addon Sync 2009 (HKLM-x32\...\{4E3AA543-09D7-401E-9DF2-2591D24C7C49}) (Version: 1.0.67 - YomaTools)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aliens: Colonial Marines (HKLM-x32\...\Steam App 49540) (Version:  - Gearbox Software)
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
ARMA 2 Army of The Czech Republic - Data cache removal (HKLM-x32\...\A2ACR Data cache removal) (Version:  - )
ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version:  - )
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version:  - )
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworld (HKLM-x32\...\Bookworld) (Version: 1.9.25 - Kobo Inc.)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CoffeeCup Free HTML Editor (HKLM-x32\...\CoffeeCup Free HTML Editor) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dawn Of War (HKLM-x32\...\{83F12F73-D52E-40C0-93B1-463C311C4E17}) (Version: 1.40 - THQ)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Evernote v. 4.6.6 (HKLM-x32\...\{6146B9DC-C33D-11E2-BDE1-984BE15F174E}) (Version: 4.6.6.8360 - Evernote Corp.)
Farming Simulator 2013 (HKLM-x32\...\FarmingSimulator2013INT_is1) (Version: 1.0 - GIANTS Software)
FBackup 5 (x32 Version: 5.0.305 - Softland) Hidden
FBackup 5.0 (HKLM-x32\...\{f99ca81f-6fa1-45ef-8920-6ca12a3392fc}) (Version: 5.0.305.0 - Softland)
Free Easy Burner V 5.1 (HKLM-x32\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Iron Front Uninstall (HKLM-x32\...\Iron Front) (Version:  - )
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
James Cameron's AVATAR™: THE GAME (HKLM-x32\...\{7E19B002-4CA3-4C9F-BA92-91D101B97219}) (Version: 1.02.00 - Ubisoft)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.19.00 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Kobo (HKLM-x32\...\Kobo) (Version: 3.12.0 - Rakuten Kobo Inc.)
Leap Motion Software (HKLM-x32\...\Leap Services) (Version: 2.2.3.25971 - Leap Motion)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Legacy 7.5 (HKLM-x32\...\Legacy 7.5) (Version: 7.5  - Millennia Corporation)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oculus Display Driver (Install Only) (HKLM\...\{A1AF4F46-D551-48F3-BD23-133E6DE29383}) (Version: 1.0.24.0 - Oculus Inc.)
Oculus Positional Tracker Driver (Install Only) (HKLM\...\{9A7E8F81-C292-4587-9D53-52782BABB510}) (Version: 0.0.1.6 - Oculus Inc.)
Oculus Runtime (HKLM-x32\...\Oculus Runtime 0.4.1 Rev 1) (Version: 0.4.1 Rev 1 - Oculus Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Power Switcher Alpha (HKLM-x32\...\{57E62977-39DC-4F5D-BDEB-101DE4564507}) (Version: 0.0.60 - VntNet)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rampant Logic Postscript Viewer version 1.2 (HKLM-x32\...\{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1) (Version: 1.2 - Rampant Logic, LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Rising Storm Beta (HKLM-x32\...\Steam App 224780) (Version:  - )
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
SpinTires Tech Demo (June 060613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
STOIK Capturer (HKLM-x32\...\{CD7F9976-33AE-4C07-BAE5-FCB50CA6E371}) (Version: 1.00.0001 - STOIK Imaging ltd.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unity Web Player (HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Words Rock Home Ed v2 (HKLM-x32\...\Words Rock Home Ed v2) (Version: 2.0.3 - EdAlive)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

28-01-2015 16:32:39 Windows Update
06-02-2015 14:32:34 Windows Update
12-02-2015 21:13:10 Windows Update
20-02-2015 11:17:52 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {024E9900-4B44-4E1B-9060-39359644E939} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {248353BE-8EFB-4D6A-903E-FD22B17B34E1} - System32\Tasks\Softland\FBackup 5\fba_Documents => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE [2013-12-16] (Softland)
Task: {3A6F0D8B-696B-4313-B8ED-7D0E90D34686} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {4FAAA67E-8DAF-4783-8B31-4FDE11B8D9DA} - System32\Tasks\Softland\FBackup 5\FBackup 5_Andrew => C:\Program Files (x86)\Softland\FBackup 5\FBackup.exe [2013-12-16] (Softland)
Task: {5648D017-E0C4-4E1D-84C8-AE8174CCECBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {6BFEA91B-4117-48A4-93B3-DA616B3580AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-24] (Piriform Ltd)
Task: {76511088-F12B-4151-B9D1-B61886E93784} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-15] (Overwolf LTD)
Task: {96EB4F99-86B5-4E0C-87E5-A483E96D9C83} - System32\Tasks\Oculus Service Scheduler => Wscript.exe "C:\Program Files (x86)\Oculus\Service\LaunchAndRestart.vbs" "C:\Program Files (x86)\Oculus\Service\OVRService_x64.exe"
Task: {A05EA3CE-8762-4AC0-8A13-AD9C5E4ECD68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B28DFF8E-FA83-4193-9F7B-1E28664AFE70} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {E56730B4-AE6D-40C8-98AC-45466AE217C9} - System32\Tasks\Softland\FBackup 5\FBackup 5 Tray Agent_Andrew => C:\Program Files (x86)\Softland\FBackup 5\bTray.exe [2013-12-16] (Softland)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\fba_Minecraft.job => C:\Program Files (x86)\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\WINDOWS\Tasks\fba_Videos.job => C:\Program Files (x86)\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-04-25 20:54 - 2014-04-26 15:25 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-08-14 18:58 - 2014-08-12 16:02 - 01037840 _____ () C:\Program Files (x86)\Oculus\Service\OVRService_x64.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-12-16 18:41 - 2013-12-16 18:41 - 00739642 ____R () C:\Program Files (x86)\Softland\FBackup 5\bResourceStrings.bpl
2013-12-16 18:03 - 2013-12-16 18:03 - 00612152 ____R () C:\Program Files (x86)\Softland\FBackup 5\sqlite3.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-20 19:37 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-20 19:37 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-20 19:37 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-20 19:37 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-20 19:37 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-02-20 11:29 - 2015-02-20 11:29 - 00859136 _____ () C:\Program Files (x86)\Leap Motion\Core Services\platforms\qwindows.dll
2015-02-21 01:44 - 2015-02-18 08:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-21 01:44 - 2015-02-18 08:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-21 01:44 - 2015-02-18 08:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Andrew\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Andrew\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\cocaine-cat--so-much-coke.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"

==================== Accounts: =============================

Administrator (S-1-5-21-2765525924-2405767281-2402993251-500 - Administrator - Disabled)
Andrew (S-1-5-21-2765525924-2405767281-2402993251-1001 - Administrator - Enabled) => C:\Users\Andrew
Guest (S-1-5-21-2765525924-2405767281-2402993251-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2765525924-2405767281-2402993251-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2015 10:47:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.115 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 84c

Start Time: 01d04d6e2ca90f02

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 25f012ef-b963-11e4-bf8a-50e549b5ca73

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (02/21/2015 10:58:52 AM) (Source: DCOM) (EventID: 10010) (User: MANGO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/21/2015 10:58:22 AM) (Source: DCOM) (EventID: 10010) (User: MANGO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/21/2015 10:56:13 AM) (Source: DCOM) (EventID: 10010) (User: MANGO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/21/2015 10:55:43 AM) (Source: DCOM) (EventID: 10010) (User: MANGO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/21/2015 10:55:13 AM) (Source: DCOM) (EventID: 10010) (User: MANGO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/21/2015 10:54:43 AM) (Source: DCOM) (EventID: 10010) (User: MANGO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/21/2015 10:49:41 AM) (Source: DCOM) (EventID: 10010) (User: MANGO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/21/2015 10:49:11 AM) (Source: DCOM) (EventID: 10010) (User: MANGO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/21/2015 10:48:41 AM) (Source: DCOM) (EventID: 10010) (User: MANGO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/21/2015 10:48:11 AM) (Source: DCOM) (EventID: 10010) (User: MANGO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-20 11:21:36.344
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-20 11:21:36.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-20 11:21:36.049
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-20 11:21:35.906
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-20 11:21:35.763
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-20 11:21:29.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-20 11:21:29.073
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-20 11:21:28.626
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-20 11:21:28.236
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-20 11:21:26.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 26%
Total physical RAM: 8189.24 MB
Available physical RAM: 6046.61 MB
Total Pagefile: 9853.24 MB
Available Pagefile: 7279.36 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Master) (Fixed) (Total:238.13 GB) (Free:156.6 GB) NTFS
Drive d: (Cleo) (Fixed) (Total:488.28 GB) (Free:208.01 GB) NTFS
Drive e: (Fluffs) (Fixed) (Total:443.23 GB) (Free:201.72 GB) NTFS
Drive f: (Ignatz) (Fixed) (Total:698.63 GB) (Free:531.14 GB) NTFS
Drive g: (Backups) (Fixed) (Total:698.63 GB) (Free:449.37 GB) NTFS
Drive l: (Fluffy) (Fixed) (Total:195.45 GB) (Free:46.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive m: (Old C Drive Docs) (Fixed) (Total:270.3 GB) (Free:143.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 8ACCF7AB)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CB1AA6DF)
Partition 1: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 9B2C9F55)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=OF Extended)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0A20A440)
Partition 1: (Active) - (Size=195.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.3 GB) - (Type=OF Extended)

==================== End Of Log ============================

 

 

Many thanks for your fantastic service to the world, and I look forward to any advice you may have for me.

 

Cheers.





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,658 posts
  • Gender:Male

Posted 25 February 2015 - 08:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/567756 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 OCD

OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida

Posted 28 February 2015 - 10:49 PM

Hi ishtar,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:  

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.  
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.  
  • It's often worth reading through these instructions and printing them for ease of reference. 
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.  
  • Please reply to this thread. Do not start a new topic.  
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation.  This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:


  • uTorrent

If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

Follow these instructions on how to Backup Chrome Bookmarks

Uninstall Google Chrome


  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Google Chrome
  • Follow the prompts.
  • Reboot if necessary.
  • Download and reinstall Google Chrome.

=========================

Security Check

Download Security Check by screen317 from here or here.


  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

AdwCleaner v3: Scan & Clean


    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.


    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.


    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:


  • checkup.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • new FRST.txt
  • How is the computer running, any change in performance?

 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
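The FRST.txt that OCD asks for above is normally read by eye, but the first-pass checks a helper makes on it can be scripted. The following Python script is an added example written for this page; it is not code from the thread, from Farbar or from BleepingComputer. It parses the plain-text FRST format and flags (1) services with no publisher and no Authenticode signature, rating a random eight-hex-character service name higher; (2) Chrome StartupUrls on known browser-hijacker domains (the two-entry domain list is an assumption for the example, not a real triage list); (3) lines FRST itself marks "<======= ATTENTION", such as the HKLM Chrome policy entry; and (4) the Code Integrity events seen at the top of this section, where the protected Windows Defender process MsMpEng.exe refuses to load a DLL that is not signed at the Antimalware level. That last case is expected for a third-party crypto SIP such as Silverlight's xapauthenticodesip.dll and is noise rather than an infection indicator, so the script rates it informational. The sample log lines are constructed from entries posted in this thread, with URL query strings trimmed.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example for this page; not code from the thread, from Farbar or from
BleepingComputer. It reads the plain-text FRST.txt format and flags the
entries a helper looks at first.
"""
import re
from urllib.parse import urlparse

# Browser-hijacker domains. Two entries seen in this thread's log; a real
# triage list would be far longer (assumption for the example).
HIJACKER_DOMAINS = {"trovi.com", "omiga-plus.com"}

# Service/driver line: "R2 Name; C:\path\file.exe [size yyyy-mm-dd] (Vendor) [flags]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<vendor>[^)]*)\)(?P<flags>.*)$"
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
# Code Integrity event text written when a protected process (PPL) refuses a DLL
CI_RE = re.compile(
    r"process \((?P<proc>[^)]+)\) attempted to load (?P<dll>.+?) that did not meet "
    r"the Custom 3 / Antimalware signing level"
)

# Constructed sample: entries from the FRST logs posted in this thread,
# URL query strings trimmed.
SAMPLE_LOG = r"""
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3314958", "hxxp://www.news.com.au/", "hxxp://isearch.omiga-plus.com/?type=hp&from=adks", "hxxp://isearch.omiga-plus.com/?type=hppp&from=adks"
S2 763bdca1; c:\Program Files (x86)\SystemMuscle\SystemMuscle.dll [1555968 2015-02-19] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-04-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
"""


def host_of(defanged_url: str) -> str:
    """FRST writes hxxp:// so the URL is not clickable; undo that and parse."""
    url = re.sub(r"^hxxp", "http", defanged_url, flags=re.IGNORECASE)
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def registrable(host: str) -> str:
    """Last two labels; good enough for the example, wrong for co.uk-style suffixes."""
    return ".".join(host.split(".")[-2:])


def _f(severity: str, kind: str, item: str, detail: str) -> dict:
    return {"severity": severity, "kind": kind, "item": item, "detail": detail}


def triage_frst(text: str) -> list[dict]:
    """Return findings as dicts with severity, kind, item and detail."""
    findings: list[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SERVICE_RE.match(line)):
            name = m["name"].strip()
            unsigned = "[File not signed]" in m["flags"]
            no_vendor = not m["vendor"].strip()
            if unsigned and no_vendor:
                # Unsigned, anonymous and (for 763bdca1) a random hex name:
                # the profile of adware/PUP services, not of vendor software.
                sev = "high" if HEX_NAME_RE.match(name) else "medium"
                findings.append(_f(sev, "unsigned-service", name, m["path"]))
            elif unsigned:
                # Unsigned but with a version-resource publisher: verify, lower priority.
                findings.append(_f("low", "unsigned-service", name, m["path"]))
        elif line.startswith("CHR StartupUrls:"):
            for url in re.findall(r'"([^"]+)"', line):
                dom = registrable(host_of(url))
                if dom in HIJACKER_DOMAINS:
                    findings.append(_f("high", "hijacked-startup-url", dom, url))
        elif "<======= ATTENTION" in line:
            # FRST's own marker, e.g. Chrome policies forced via HKLM, which
            # hijackers use to pin a homepage/search engine the user cannot change.
            findings.append(_f("medium", "frst-attention",
                               line.split("<=======")[0].strip(), line))
        elif (m := CI_RE.search(line)):
            # MsMpEng.exe runs as a protected process; Code Integrity blocks DLLs
            # not signed at the Antimalware level. A third-party SIP such as
            # Silverlight's triggers this repeatedly: noise, not an infection sign.
            findings.append(_f("info", "code-integrity-ppl",
                               m["dll"].rsplit("\\", 1)[-1], m["proc"]))
    return findings


def summarize(findings: list[dict]) -> dict[str, int]:
    """Count findings per severity."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    found = triage_frst(SAMPLE_LOG)
    for f in found:
        print(f"{f['severity']:<6} {f['kind']:<22} {f['item']}  <- {f['detail']}")
    print(summarize(found))
```

Run against the constructed sample, the script rates the SystemMuscle service and the three hijacker start-up URLs high, the forced Chrome policy medium, the unsigned AMD service low and the Defender Code Integrity event informational, while saying nothing about PnkBstrA, WinDefend or the SDTray Run entry. The severity ordering is the point: a helper reading FRST.txt wants the anonymous unsigned service and the hijacked start pages before anything else, and should not spend time on the repeated Code Integrity events.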

#4 ishtar

ishtar
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:Brisbane

Posted 02 March 2015 - 05:06 AM

Hi There OCD,

Thanks for your help, I have

 

Uninstalled and reinstalled Google Chrome

Run Security Check

Results of screen317's Security Check version 0.99.97  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 51  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

Run Adware Cleaner

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 19:41:03
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Andrew - MANGO
# Running from : C:\Users\Andrew\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.115
 
 
*************************
 
AdwCleaner[R0].txt - [3887 bytes] - [06/03/2014 17:26:28]
AdwCleaner[R1].txt - [3947 bytes] - [06/03/2014 17:27:46]
AdwCleaner[R2].txt - [13030 bytes] - [31/01/2015 19:47:16]
AdwCleaner[R3].txt - [4209 bytes] - [20/02/2015 10:17:38]
AdwCleaner[R4].txt - [4268 bytes] - [20/02/2015 10:22:03]
AdwCleaner[R5].txt - [1282 bytes] - [20/02/2015 11:24:44]
AdwCleaner[R6].txt - [1401 bytes] - [20/02/2015 20:59:56]
AdwCleaner[R7].txt - [1493 bytes] - [21/02/2015 10:27:56]
AdwCleaner[R8].txt - [1692 bytes] - [23/02/2015 18:47:50]
AdwCleaner[R9].txt - [1736 bytes] - [02/03/2015 19:38:47]
AdwCleaner[S0].txt - [3941 bytes] - [06/03/2014 17:30:22]
AdwCleaner[S1].txt - [11072 bytes] - [31/01/2015 19:48:44]
AdwCleaner[S2].txt - [4244 bytes] - [20/02/2015 10:24:12]
AdwCleaner[S3].txt - [1351 bytes] - [20/02/2015 11:30:17]
AdwCleaner[S4].txt - [1469 bytes] - [20/02/2015 21:01:55]
AdwCleaner[S5].txt - [1561 bytes] - [21/02/2015 10:29:11]
AdwCleaner[S6].txt - [1762 bytes] - [23/02/2015 18:50:28]
AdwCleaner[S7].txt - [1665 bytes] - [02/03/2015 19:41:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1724  bytes] ##########
 
Run Junkware Removal Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 Pro x64
Ran by Andrew on Mon 02/03/2015 at 19:49:29.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/03/2015 at 19:51:16.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Run Farbar Recovery Scan Tool

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Andrew (administrator) on MANGO on 02-03-2015 19:53:59
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew (Available profiles: Andrew)
Platform: Windows 8.1 Pro (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Softland) C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Oculus\Service\OVRService_x64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oculus VR, Inc) C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(VntNet) C:\Program Files (x86)\VntNet\Power Switcher Alpha\PowerSchemeSwitcher.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\Run: [Leap Control Panel] => C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe [3625808 2015-02-20] (Leap Motion, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OculusConfigUtil.lnk
ShortcutTarget: OculusConfigUtil.lnk -> C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe (Oculus VR, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerSwitch.lnk
ShortcutTarget: PowerSwitch.lnk -> C:\Windows\Installer\{57E62977-39DC-4F5D-BDEB-101DE4564507}\_797E8DB853A3BB846B8366.exe ()
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2765525924-2405767281-2402993251-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-07-20]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M44A84FA6-3215-4482-8F29-7C7B5242A955&SearchSource=55&CUI=&UM=5&UP=SPC06785EA-5438-47CB-8A22-BB1C6F682370&SSPV=", "hxxp://www.news.com.au/", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422695442&from=adks&uid=PLEXTORXPX-256M5S_P02310103277", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422695451&from=adks&uid=PLEXTORXPX-256M5S_P02310103277"
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-02]
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-02]
CHR Extension: (Splendid) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd [2015-03-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-02]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-02]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-02]
CHR Extension: (Logitech SetPoint) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2015-03-02]
CHR Extension: (Google Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-02]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-02]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-07-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 763bdca1; c:\Program Files (x86)\SystemMuscle\SystemMuscle.dll [1555968 2015-02-19] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [954752 2015-02-28] ()
S2 FBackup5Srv; C:\Program Files (x86)\Softland\FBackup 5\bService.exe [2742352 2013-12-16] (Softland)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe [10083840 2015-02-20] (Leap Motion, Inc.) [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-02-18] (Overwolf LTD)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-04-26] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\Windows\System32\drivers\61883.sys [59904 2013-08-22] (Microsoft Corporation)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
S3 BrSerIf; C:\Windows\system32\DRIVERS\BrSerIf.sys [97280 2006-09-03] (Brother Industries Ltd.)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2014-10-11] (JMicron Technology Corp.)
R1 RiftEnabler; C:\Windows\system32\DRIVERS\RiftEnabler.sys [70160 2014-08-07] (Oculus VR, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-02 19:51 - 2015-03-02 19:54 - 00016199 _____ () C:\Users\Andrew\Desktop\FRST.txt
2015-03-02 19:51 - 2015-03-02 19:51 - 00000627 _____ () C:\Users\Andrew\Desktop\JRT.txt
2015-03-02 19:42 - 2015-03-02 19:42 - 00001804 _____ () C:\Users\Andrew\Desktop\AdwCleaner[S7].txt
2015-03-02 19:41 - 2015-03-02 19:41 - 00000316 _____ () C:\WINDOWS\PFRO.log
2015-03-02 19:39 - 2015-03-02 19:39 - 01388333 _____ (Thisisu) C:\Users\Andrew\Desktop\JRT.exe
2015-03-02 19:36 - 2015-03-02 19:36 - 00000986 _____ () C:\Users\Andrew\Desktop\checkup.txt
2015-03-02 19:35 - 2015-03-02 19:34 - 00852604 _____ () C:\Users\Andrew\Desktop\SecurityCheck.exe
2015-03-02 19:32 - 2015-03-02 19:32 - 00002285 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-02 19:32 - 2015-03-02 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-25 17:26 - 2015-03-02 19:41 - 00001487 _____ () C:\WINDOWS\setupact.log
2015-02-25 17:26 - 2015-02-25 17:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-25 17:15 - 2014-12-14 07:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 17:15 - 2014-12-14 07:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 17:15 - 2014-10-29 11:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 17:15 - 2014-10-29 11:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 17:15 - 2014-10-29 11:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 17:15 - 2014-10-29 11:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 21:34 - 2015-02-24 21:34 - 00000000 ____D () C:\Users\Andrew\AppData\Local\CrashRpt
2015-02-21 10:47 - 2015-02-21 10:47 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieBrowserModeList
2015-02-21 10:39 - 2015-03-02 19:53 - 00000000 ____D () C:\FRST
2015-02-21 10:38 - 2015-03-02 19:51 - 02092544 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64.exe
2015-02-21 10:06 - 2015-02-21 10:06 - 02126848 _____ () C:\Users\Andrew\Desktop\AdwCleaner.exe
2015-02-20 19:37 - 2015-02-23 18:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-20 19:37 - 2015-02-20 19:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-20 19:37 - 2015-02-20 19:37 - 00001413 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-20 19:37 - 2015-02-20 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-20 19:37 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-02-20 19:32 - 2015-02-20 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
2015-02-20 17:44 - 2015-02-20 17:44 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Steam
2015-02-20 10:04 - 2015-02-20 10:04 - 00000000 ____D () C:\Program Files (x86)\Windows 8 App Store
2015-02-19 15:25 - 2015-03-02 19:13 - 00000020 _____ () C:\Users\Andrew\AppData\Roaming\appdataFr3.bin
2015-02-19 14:56 - 2015-02-19 14:56 - 00000000 ____D () C:\Program Files (x86)\SystemMuscle
2015-02-13 18:11 - 2015-01-23 14:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 18:11 - 2015-01-23 13:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-13 15:47 - 2015-02-28 15:43 - 00000000 ____D () C:\Users\Andrew\AppData\Local\CrashDumps
2015-02-11 18:48 - 2015-01-20 04:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 18:48 - 2015-01-16 08:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 18:48 - 2015-01-16 08:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 18:48 - 2015-01-14 14:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 18:48 - 2015-01-14 13:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 18:48 - 2015-01-14 08:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 18:48 - 2015-01-14 08:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 18:48 - 2015-01-12 13:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 18:48 - 2015-01-12 12:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 18:48 - 2015-01-12 12:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 18:48 - 2015-01-12 12:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 18:48 - 2015-01-12 12:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 18:48 - 2015-01-12 12:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 18:48 - 2015-01-12 12:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 18:48 - 2015-01-12 12:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 18:48 - 2015-01-12 12:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 18:48 - 2015-01-12 12:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 18:48 - 2015-01-12 12:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 18:48 - 2015-01-12 11:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 18:48 - 2015-01-12 11:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 18:48 - 2015-01-12 11:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 18:48 - 2015-01-12 11:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 18:48 - 2015-01-12 11:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 18:48 - 2015-01-12 11:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 18:48 - 2015-01-12 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 18:48 - 2015-01-12 11:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 18:48 - 2015-01-12 11:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 18:48 - 2015-01-12 11:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 18:48 - 2015-01-12 11:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 18:48 - 2015-01-12 11:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 18:48 - 2015-01-12 11:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 18:48 - 2015-01-12 11:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 18:48 - 2015-01-12 11:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 18:48 - 2015-01-12 11:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 18:48 - 2015-01-12 11:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 18:48 - 2015-01-12 11:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 18:48 - 2015-01-12 11:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 18:48 - 2015-01-12 11:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 18:48 - 2015-01-12 11:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 18:48 - 2015-01-12 10:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 18:48 - 2015-01-12 10:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 18:48 - 2015-01-10 19:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 18:48 - 2015-01-10 19:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 18:48 - 2015-01-10 18:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 18:48 - 2015-01-10 17:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 18:48 - 2015-01-10 16:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 18:48 - 2014-12-19 18:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 18:48 - 2014-12-19 18:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 18:48 - 2014-12-09 13:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 18:48 - 2014-12-09 11:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 18:48 - 2014-12-09 09:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 18:48 - 2014-10-29 12:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 18:48 - 2014-10-29 12:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 18:48 - 2014-10-29 12:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 18:48 - 2014-10-29 12:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 18:48 - 2014-10-29 12:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 18:48 - 2014-10-29 12:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 18:48 - 2014-10-29 11:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 18:48 - 2014-10-29 11:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 18:48 - 2014-10-29 11:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 18:48 - 2014-10-29 11:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 18:48 - 2014-10-29 11:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 18:48 - 2014-10-29 11:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 18:48 - 2014-10-29 11:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 18:47 - 2015-01-10 18:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-01-31 19:56 - 2015-02-20 20:11 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 19:56 - 2015-01-31 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 19:56 - 2015-01-31 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 19:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-31 19:56 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-31 19:51 - 2015-01-31 19:51 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-01-31 19:51 - 2015-01-31 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-31 19:51 - 2015-01-31 19:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-31 19:37 - 2015-02-19 14:56 - 00000000 ____D () C:\ProgramData\2a6351800001b1c
2015-01-31 19:27 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\Norton
2015-01-31 19:08 - 2015-02-20 11:08 - 00000000 ____D () C:\ProgramData\{6630045c-8da5-577e-6630-0045c8da1172}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-02 19:52 - 2013-12-18 11:54 - 01685935 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-02 19:48 - 2013-11-14 22:43 - 00871904 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-02 19:46 - 2014-04-05 13:25 - 00000000 ____D () C:\ProgramData\Leap Motion
2015-03-02 19:46 - 2013-06-25 17:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2765525924-2405767281-2402993251-1001
2015-03-02 19:44 - 2013-06-26 20:15 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-02 19:41 - 2014-04-10 11:35 - 00000000 ___RD () C:\Users\Andrew\SkyDrive
2015-03-02 19:41 - 2014-03-06 17:26 - 00000000 ____D () C:\AdwCleaner
2015-03-02 19:41 - 2013-08-23 00:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-02 19:41 - 2013-08-22 23:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-02 19:41 - 2013-06-26 20:15 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 19:40 - 2014-10-26 10:10 - 00000000 ____D () C:\Users\Andrew\Desktop\Anti Malware
2015-03-02 19:32 - 2013-06-26 20:15 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-02 19:32 - 2013-06-26 20:14 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Google
2015-03-02 19:12 - 2014-08-13 08:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-02 19:00 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-02 18:35 - 2014-07-02 14:11 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\TS3Client
2015-03-02 15:52 - 2013-12-01 21:19 - 00000000 ____D () C:\Users\Andrew\AppData\Local\ArmA 2 OA
2015-03-02 15:24 - 2015-01-08 19:27 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Curse Client
2015-02-26 20:12 - 2014-07-02 14:11 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-02-25 21:38 - 2013-12-18 11:49 - 00000000 ____D () C:\Users\Andrew
2015-02-25 18:22 - 2012-07-26 17:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-24 22:07 - 2014-04-25 22:00 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2015-02-24 22:07 - 2014-04-25 20:54 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-02-24 21:42 - 2014-04-25 20:54 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-02-24 21:07 - 2013-06-29 18:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Ironfront
2015-02-23 21:39 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-23 19:16 - 2013-12-28 11:38 - 00349184 ___SH () C:\Users\Andrew\Desktop\Thumbs.db
2015-02-23 15:41 - 2013-06-28 21:50 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\.minecraft
2015-02-21 21:43 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-21 10:25 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-20 19:32 - 2014-10-05 13:58 - 00001272 _____ () C:\Users\Public\Desktop\Leap Motion App Home.lnk
2015-02-20 19:32 - 2014-04-05 13:25 - 00000000 ____D () C:\Program Files (x86)\Leap Motion
2015-02-20 19:32 - 2013-07-01 20:33 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-02-20 11:20 - 2014-06-10 11:06 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\uTorrent
2015-02-20 11:09 - 2014-05-14 16:27 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-02-13 11:15 - 2013-08-23 00:44 - 00481208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 21:23 - 2013-07-17 20:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 21:23 - 2013-06-26 21:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 21:14 - 2013-06-26 20:04 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-06 15:27 - 2013-07-25 11:39 - 00000000 ____D () C:\Users\Andrew\Desktop\GAMES ;D
2015-02-05 15:12 - 2014-08-13 08:05 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-05 14:39 - 2013-06-26 20:15 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:39 - 2013-06-26 20:15 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 05:31 - 2013-08-23 01:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-04 05:31 - 2013-08-23 01:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 23:56 - 2014-05-16 17:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\ArmA 2
2015-01-31 20:13 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-01-31 20:12 - 2014-12-12 19:17 - 00000000 ____D () C:\Program Files (x86)\Free Easy CD DVD Burner
2015-01-31 19:56 - 2014-03-06 17:45 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Malwarebytes
2015-01-31 19:56 - 2014-03-06 17:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 19:53 - 2013-08-04 19:26 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Azureus
2015-01-31 19:52 - 2014-02-01 09:35 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-31 19:52 - 2013-12-18 21:47 - 00000000 ___DC () C:\WINDOWS\Panther
2015-01-31 19:35 - 2012-07-26 15:26 - 00000269 _____ () C:\WINDOWS\win.ini
2015-01-31 19:33 - 2013-08-22 23:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-31 19:33 - 2012-07-26 18:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-31 19:32 - 2013-12-18 11:59 - 00001452 _____ () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
 
==================== Files in the root of some directories =======
 
2015-02-19 15:25 - 2015-03-02 19:13 - 0000020 _____ () C:\Users\Andrew\AppData\Roaming\appdataFr3.bin
2014-03-02 13:47 - 2014-03-03 16:47 - 0000087 _____ () C:\Users\Andrew\AppData\Roaming\WB.CFG
2013-08-11 20:58 - 2013-12-18 09:32 - 0007609 _____ () C:\Users\Andrew\AppData\Local\resmon.resmoncfg
 
Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-01 17:43
 

 

==================== End Of Log ============================
 
Things appear to be better now, as the ad stuff, AdChoices etc. and pop-ups are gone.
Though not sure if they will reappear after a day or so.
Can we claim this as a success?
 
Many Thanks
Andrew


#5 OCD (Malware Response Team)

Posted 03 March 2015 - 03:48 AM

Hi ishtar,
 

Things appear to be better now, as the ad stuff, AdChoices etc. and pop-ups are gone.
Though not sure if they will reappear after a day or so.
Can we claim this as a success?


It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign. :thumbup2:

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad window. Save it on the desktop as fixlist.txt
 

Start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M44A84FA6-3215-4482-8F29-7C7B5242A955&SearchSource=55&CUI=&UM=5&UP=SPC06785EA-5438-47CB-8A22-BB1C6F682370&SSPV=", "hxxp://www.news.com.au/", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422695442&from=adks&uid=PLEXTORXPX-256M5S_P02310103277", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422695451&from=adks&uid=PLEXTORXPX-256M5S_P02310103277"
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

In your next post please provide the following:

  • Fixlog.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
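Added example, not part of the original thread and not FRST's own code: the fixlist above is written for this one machine, so rather than re-running it elsewhere, the PowerShell script below is a read-only audit of the same three persistence points it touches (the HKLM\SOFTWARE\Policies\Google key, the IE DefaultScope under the .DEFAULT and service-account hives, and Chrome's startup URLs). It changes nothing, so it can be run before the fix to see the entries and after it to confirm they are gone. It assumes Chrome's Default profile under %LOCALAPPDATA%, and it uses the two hijacker hosts that appear in the fixlist (www.trovi.com and isearch.omiga-plus.com) as its suspect list; both are assumptions to adjust for another machine. Run it from an elevated PowerShell session, since the HKEY_USERS service hives are not readable from a standard user session.

```powershell
# Added example (not from the original thread or from FRST): read-only audit of the
# three persistence points the fixlist above removes. Nothing is written.
# Assumptions: Chrome "Default" profile under %LOCALAPPDATA%; suspect hosts are the
# two seen in the fixlist. Run elevated so HKEY_USERS\S-1-5-19 / S-1-5-20 are readable.

function Get-BrowserHijackAudit {
    [CmdletBinding()]
    param(
        # Hosts treated as known hijackers; taken from the "CHR StartupUrls" line above.
        [string[]] $SuspectHosts = @('www.trovi.com', 'isearch.omiga-plus.com'),
        [string]   $ChromePrefs  = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences')
    )

    $findings = [System.Collections.Generic.List[object]]::new()

    # Record one entry; mark it Suspect when its URL points at a known hijacker host.
    function Add-Finding([string] $Where, [string] $Item, $Value) {
        $hostName = $null
        try { if ("$Value" -match '^https?://') { $hostName = ([uri] "$Value").Host } } catch { }
        $findings.Add([pscustomobject]@{
            Where   = $Where
            Item    = $Item
            Value   = "$Value"
            Suspect = [bool]($hostName -and ($SuspectHosts -contains $hostName))
        })
    }

    # 1. Chrome policy keys. A hijacker that writes HKLM\SOFTWARE\Policies\Google locks
    #    the homepage/search provider so the user cannot change them in Chrome's UI.
    foreach ($root in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $keys = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                Add-Finding 'ChromePolicy' "$($key.Name)\$name" ($key.GetValue($name))
            }
        }
    }

    # 2. IE DefaultScope in the hives named in the fixlist plus the current user.
    #    FRST listed the .DEFAULT / S-1-5-19 / S-1-5-20 scopes because their URL was empty.
    $sids = @('.DEFAULT', 'S-1-5-19', 'S-1-5-20',
              [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value)
    foreach ($sid in $sids) {
        $scopes = "Registry::HKEY_USERS\$sid\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path -LiteralPath $scopes)) { continue }
        $default = (Get-ItemProperty -LiteralPath $scopes -Name DefaultScope -ErrorAction SilentlyContinue).DefaultScope
        if (-not $default) { continue }
        $url = (Get-ItemProperty -LiteralPath "$scopes\$default" -Name URL -ErrorAction SilentlyContinue).URL
        Add-Finding 'IESearchScope' "HKU\$sid DefaultScope $default" $url
    }

    # 3. Chrome startup URLs and homepage from the profile's Preferences JSON, which is
    #    where the "CHR StartupUrls" entries in the FRST log come from.
    if (Test-Path -LiteralPath $ChromePrefs) {
        $prefs = Get-Content -LiteralPath $ChromePrefs -Raw | ConvertFrom-Json
        foreach ($u in @($prefs.session.startup_urls)) {
            if ($u) { Add-Finding 'ChromeStartupUrl' 'session.startup_urls' $u }
        }
        if ($prefs.homepage) { Add-Finding 'ChromeHomepage' 'homepage' $prefs.homepage }
    }

    return $findings
}

# Usage: list everything found, suspect entries first.
Get-BrowserHijackAudit | Sort-Object -Property Suspect -Descending | Format-Table -AutoSize
```

After a successful fix the ChromePolicy rows should be absent and no row should show Suspect = True. A DefaultScope under the current user's own hive with a non-empty provider URL is ordinary and is not by itself a finding; the entries the fixlist removed were the ones with an empty URL under .DEFAULT and the two service SIDs.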

#6 ishtar (Topic Starter)

Posted 04 March 2015 - 06:56 PM

Hi OCD,

Have done as requested and run the FRST script.

Script log file as...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Andrew at 2015-03-05 09:49:27 Run:1
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew (Available profiles: Andrew)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M44A84FA6-3215-4482-8F29-7C7B5242A955&SearchSource=55&CUI=&UM=5&UP=SPC06785EA-5438-47CB-8A22-BB1C6F682370&SSPV=", "hxxp://www.news.com.au/", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422695442&from=adks&uid=PLEXTORXPX-256M5S_P02310103277", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422695451&from=adks&uid=PLEXTORXPX-256M5S_P02310103277"
EmptyTemp:
End
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome StartupUrls deleted successfully.
EmptyTemp: => Removed 485.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 09:49:31 ====
 

Look forward to your next advice.

Cheers :)

 



#7 OCD (Malware Response Team)

Posted 04 March 2015 - 10:18 PM

Hi ishtar,

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP: Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
  • Select the Scan tab.
  • Select the type of scan to perform:
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

ESET Online Scanner

*Note:
  • It is recommended to disable your on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator rights; to do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD


#8 OCD (Malware Response Team)

Posted 07 March 2015 - 10:29 AM

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools
OCD


#9 ishtar (Topic Starter)

Posted 08 March 2015 - 04:00 PM

Hi OCD, OK, I have done as you requested and advise that:

Malwarebytes' Anti-Malware Log file:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 8/03/2015
Scan Time: 5:09:55 PM
Logfile: Malware Log File.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.08.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Andrew
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358627
Time Elapsed: 7 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
and the ESET Online Scanner log is:
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight\FindRight.FirstRun.exe.vir a variant of MSIL/BrowseFox.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight\FindRightBHO.dll.vir a variant of Win32/BrowseFox.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight\FindRightUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight\updateFindRight.exe.vir a variant of Win32/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight\bin\FindRight.BrowserFilter.Helper.dll.old.e872e364-097b-4d29-bd37-b75f5899cdfb.vir a variant of Win32/BrowseFox.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight\bin\FindRight.BrowserFilter.Helper.dll.vir a variant of Win32/BrowseFox.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight\bin\FindRightBrowserFilter.exe.vir a variant of MSIL/BrowseFox.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight\bin\utilFindRight.exe.vir a variant of Win32/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight\bin\plugins\FindRight.BrowserFilterG.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight\bin\plugins\FindRight.FFUpdate.dll.vir a variant of MSIL/BrowseFox.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight\bin\plugins\FindRight.IEUpdate.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe.vir Win32/SaveSense.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir Win32/SaveSense.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\psmachine.dll.vir Win32/SaveSense.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe.vir Win32/SaveSense.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe.vir Win32/SaveSense.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe.vir Win32/SaveSense.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe.vir Win32/SaveSense.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savingtooyoou\C8lrlxDoHoyT5H.x64.dll.vir a variant of Win64/Adware.MultiPlug.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\topedeaLL\mvxy38Fmsc3MqT.x64.dll.vir a variant of Win64/Adware.MultiPlug.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vuze\.install4j\user\mism.exe.vir Win32/Toolbar.Conduit.AP potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir a variant of Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir a variant of Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.BH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\SaveSense\SaveSenseIE.dll.vir Win32/SaveSense.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\SaveSense\SaveSenseUpdateVer.exe.vir a variant of Win32/DealPly.M potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Temp\OCS\ocs_v71b.exe.vir a variant of Win32/DownloadSponsor.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Free Easy CD DVD Burner\apphelp.dll a variant of Win32/Toolbar.SearchSuite.X potentially unwanted application deleted - quarantined
D:\Downloads\CodecPerformerSetup.exe a variant of Win32/InstallBrain.CO potentially unwanted application deleted - quarantined
D:\Downloads\coffeecup-free-html-editor.exe a variant of Win32/DownloadSponsor.C potentially unwanted application deleted - quarantined
D:\Downloads\FreeEasyCDDVDBurnerSetup-r42-n-bc.exe a variant of Win32/KoyoteLab.A potentially unwanted application deleted - quarantined
D:\Downloads\Graffiti_Treat_Font_Installer.exe a variant of Win32/InstallCore.IZ potentially unwanted application deleted - quarantined
D:\Downloads\TREVOR SB__6148_il1193.exe a variant of Win32/Amonetize.BM potentially unwanted application deleted - quarantined
F:\Andrew Border Data\Users\AB\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000285 Win32/SoftonicDownloader.A potentially unwanted application deleted - quarantined
F:\Andrew Border Data\Users\AB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHRC7IYT\RebateInformerSetup[1].exe a variant of Win32/Toolbar.Inbox.B potentially unwanted application deleted - quarantined
G:\Backups\Zips XP\Pakes-Trojan-Removal-Tool.exe a variant of Win32/SecurityStronghold potentially unwanted application deleted - quarantined
L:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
L:\Program Files (x86)\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
L:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
L:\Program Files (x86)\Panda Security\Panda Security Toolbar\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
L:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application deleted - quarantined
L:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityTb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
L:\Program Files (x86)\pandasecuritytb\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
L:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application deleted - quarantined
L:\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
L:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe Win32/Somoto.F potentially unwanted application deleted - quarantined
L:\Program Files (x86)\Vuze_Remote\tbVuze.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
L:\ProgramData\InstallMate\{776D5484-5452-44BC-A657-1C70AC8E7672}\Custom.dll a variant of Win32/InstalleRex.T potentially unwanted application deleted - quarantined
L:\ProgramData\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
L:\Users\Fluffy\Adlsoft Uncompressor\Uninstall\Uninstall.exe a variant of Win32/InstallCore.F potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\ICReinstall_The_Tao_Of_Badass_Play_By_Play_Attraction_Guide.pdf_downloader.exe a variant of Win32/InstallCore.AF potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\mgsqlite3.dll Win32/SweetIM.K potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\Shortcut_sweetimsetup.exe a variant of Win32/SweetIM.C potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\9041D860-BAB0-7891-8C0B-0BE41377CC2D\BExternal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\9041D860-BAB0-7891-8C0B-0BE41377CC2D\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\9041D860-BAB0-7891-8C0B-0BE41377CC2D\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\ICReinstall\cnet_fbsetup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\is1293846689\MyBabylonTB.exe Win32/Toolbar.Babylon potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\is1568482836\MyBabylonTB.exe Win32/Toolbar.Babylon potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\Low\PandaSecurityTb_3.0.0.9b.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\nslB185.tmp\setup.exe Win32/Toolbar.Babylon potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\Local\Temp\RarSFX1\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\LocalLow\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\LocalLow\pandasecuritytb\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\LocalLow\pandasecuritytb\PandaSecurityTb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\LocalLow\pandasecuritytb\PandaSecurityTb_3.0.0.9b.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\LocalLow\Vuze_Remote\tbVuze.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
L:\Users\Fluffy\AppData\LocalLow\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
L:\Windows\SysWOW64\GroupPolicy\Machine\Scripts\Shutdown\PanF582.tmp\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
M:\Zips\Media\setup.exe Win32/Adware.Bundlore application cleaned by deleting - quarantined
M:\Zips to be installed maybe\Media\ashampoo_burning_studio_2010_advanced_9.24_7182.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
M:\Zips to be installed maybe\System\ashampoo_winoptimizer_6_6.60_7210.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
 
 
PC seems to be running OK now; I haven't had any invasion of pop-ups recently :)
 
Awaiting your next advice...
Cheers


#10 OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida

Posted 08 March 2015 - 08:52 PM

Hi ishtar,

Thanks for the logs. Let's run one last scan to make sure nothing slipped by. If all is well after this scan we will do a bit of housekeeping and send you on your way.

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Select the Addition box
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • It will also make Addition.txt. Please attach it to your reply.
=========================

In your next post please provide the following:
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
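As an added example that is not part of this thread or of FRST itself: a small Python triage helper that reads an FRST.txt log of the kind requested above and flags the service and Chrome start-up entries a helper would look at first. FRST's section headers and line formats are used as printed; the embedded sample is constructed here in that format, modelled on entries that appear in this thread's logs (query strings shortened), and the hijacker host watchlist is an assumption you should extend with your own intelligence.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) logs (added example)."""
import re
import sys
from typing import Dict, List, Tuple

# Constructed sample in FRST's own section/line format, modelled on entries
# posted in this thread (query strings shortened).
SAMPLE_FRST = r"""
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3314958", "hxxp://www.news.com.au/", "hxxp://isearch.omiga-plus.com/?type=hp&from=adks"

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 FBackup5Srv; C:\Program Files (x86)\Softland\FBackup 5\bService.exe [2742352 2013-12-16] (Softland)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-04-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 763bdca1; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\SystemMuscle\SystemMuscle.dll",serv

==================== Drivers (Whitelisted) ====================

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "==== Name ====" headers
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);\s*(.*?)\s*$")  # "R2 Name; command"
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*(\[File not signed\])?$")
URL_RE = re.compile(r'"(hxxps?://[^"]+)"')              # FRST defangs http as hxxp
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)

# Assumed watchlist of browser-hijacker hosts (the two seen in this thread);
# extend it with your own intelligence.
HIJACK_HOSTS = ("trovi.com", "omiga-plus.com")

Finding = Tuple[str, str, str]  # (severity, reason, offending log line)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty FRST lines under the section header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def triage_services(lines: List[str]) -> List[Finding]:
    """Flag service entries whose shape matches common adware/PUP patterns."""
    findings: List[Finding] = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue  # explanatory text, not a service entry
        _state, name, cmd = m.groups()
        if HEX_NAME_RE.match(name):
            findings.append(("high", "random-looking hex service name", line))
        if "rundll32" in cmd.lower() and ".dll" in cmd.lower():
            findings.append(("high", "service is rundll32 loading a DLL", line))
        pub = PUBLISHER_RE.search(cmd)
        if pub is not None and pub.group(1).strip() == "":
            findings.append(("low", "binary carries no company name", line))
        if pub is not None and pub.group(2):
            findings.append(("low", "binary is not Authenticode-signed", line))
    return findings


def chrome_startup_urls(lines: List[str]) -> Tuple[List[str], List[Finding]]:
    """Return every Chrome StartupUrls entry and flag those on watchlisted hosts."""
    urls: List[str] = []
    findings: List[Finding] = []
    for line in lines:
        if not line.startswith("CHR StartupUrls:"):
            continue
        for url in URL_RE.findall(line):
            urls.append(url)
            host = re.sub(r"^hxxps?://", "", url).split("/")[0].lower()
            if any(host == h or host.endswith("." + h) for h in HIJACK_HOSTS):
                findings.append(("high", f"Chrome startup URL on watchlisted host {host}", line))
    return urls, findings


def triage(text: str) -> List[Finding]:
    """Run every check over a whole FRST.txt and return the combined findings."""
    sections = split_sections(text)
    findings = triage_services(sections.get("Services (Whitelisted)", []))
    _urls, url_findings = chrome_startup_urls(sections.get("Internet (Whitelisted)", []))
    return findings + url_findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_FRST
    for sev, reason, line in triage(text):
        print(f"[{sev}] {reason}: {line}")
```

Run it as `python frst_triage.py FRST.txt` to triage a real log, or with no argument to process the embedded sample. The "low" findings (no company name, unsigned) are only prompts to verify the file; many legitimate utilities trip them, whereas a hex-named service whose command is rundll32 loading a DLL from Program Files is the kind of entry that goes straight into a fixlist.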

#11 ishtar

  • Topic Starter
  • Members
  • 23 posts
  • Gender:Male
  • Location:Brisbane

Posted 10 March 2015 - 03:01 AM

Hey there OCD,

As per your request, I've run FRST.

FRST log file is...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
Ran by Andrew (administrator) on MANGO on 10-03-2015 17:52:08
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew (Available profiles: Andrew)
Platform: Windows 8.1 Pro (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Softland) C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Softland) C:\Program Files (x86)\Softland\FBackup 5\bService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\Oculus\Service\OVRService_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe
(Oculus VR, Inc) C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(VntNet) C:\Program Files (x86)\VntNet\Power Switcher Alpha\PowerSchemeSwitcher.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\Run: [Leap Control Panel] => C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe [3625808 2015-02-20] (Leap Motion, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OculusConfigUtil.lnk
ShortcutTarget: OculusConfigUtil.lnk -> C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe (Oculus VR, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerSwitch.lnk
ShortcutTarget: PowerSwitch.lnk -> C:\Windows\Installer\{57E62977-39DC-4F5D-BDEB-101DE4564507}\_797E8DB853A3BB846B8366.exe ()
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-05-22] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-08] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2765525924-2405767281-2402993251-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-13] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-07-20]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M44A84FA6-3215-4482-8F29-7C7B5242A955&SearchSource=55&CUI=&UM=5&UP=SPC06785EA-5438-47CB-8A22-BB1C6F682370&SSPV=", "hxxp://www.news.com.au/", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422695442&from=adks&uid=PLEXTORXPX-256M5S_P02310103277", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422695451&from=adks&uid=PLEXTORXPX-256M5S_P02310103277"
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Splendid) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd [2015-03-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-02]
CHR Extension: (Logitech SetPoint) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-07-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [936832 2015-03-05] ()
R2 FBackup5Srv; C:\Program Files (x86)\Softland\FBackup 5\bService.exe [2742352 2013-12-16] (Softland)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe [10083840 2015-02-20] (Leap Motion, Inc.) [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-02-25] (Overwolf LTD)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-04-26] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 763bdca1; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\SystemMuscle\SystemMuscle.dll",serv
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\Windows\System32\drivers\61883.sys [59904 2013-08-22] (Microsoft Corporation)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
S3 BrSerIf; C:\Windows\system32\DRIVERS\BrSerIf.sys [97280 2006-09-03] (Brother Industries Ltd.)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2014-10-11] (JMicron Technology Corp.)
R1 RiftEnabler; C:\Windows\system32\DRIVERS\RiftEnabler.sys [70160 2014-08-07] (Oculus VR, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-10 17:52 - 2015-03-10 17:52 - 00015637 _____ () C:\Users\Andrew\Desktop\FRST.txt
2015-03-05 21:23 - 2015-03-05 21:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-05 20:41 - 2015-03-05 20:41 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 19:41 - 2015-03-06 15:26 - 00001014 _____ () C:\WINDOWS\PFRO.log
2015-03-02 19:39 - 2015-03-02 19:39 - 01388333 _____ (Thisisu) C:\Users\Andrew\Desktop\JRT.exe
2015-03-02 19:35 - 2015-03-02 19:34 - 00852604 _____ () C:\Users\Andrew\Desktop\SecurityCheck.exe
2015-03-02 19:32 - 2015-03-02 19:32 - 00002285 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-02 19:32 - 2015-03-02 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-25 17:26 - 2015-03-10 17:50 - 00002820 _____ () C:\WINDOWS\setupact.log
2015-02-25 17:26 - 2015-02-25 17:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-25 17:15 - 2014-12-14 07:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 17:15 - 2014-12-14 07:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 17:15 - 2014-10-29 11:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 17:15 - 2014-10-29 11:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 17:15 - 2014-10-29 11:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 17:15 - 2014-10-29 11:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 21:34 - 2015-02-24 21:34 - 00000000 ____D () C:\Users\Andrew\AppData\Local\CrashRpt
2015-02-21 10:47 - 2015-02-21 10:47 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieBrowserModeList
2015-02-21 10:39 - 2015-03-10 17:52 - 00000000 ____D () C:\FRST
2015-02-21 10:38 - 2015-03-10 17:45 - 02095104 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64.exe
2015-02-21 10:06 - 2015-02-21 10:06 - 02126848 _____ () C:\Users\Andrew\Desktop\AdwCleaner.exe
2015-02-20 19:37 - 2015-02-23 18:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-20 19:37 - 2015-02-20 19:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-20 19:37 - 2015-02-20 19:37 - 00001413 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-20 19:37 - 2015-02-20 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-20 19:37 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-02-20 19:32 - 2015-02-20 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
2015-02-20 17:44 - 2015-02-20 17:44 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Steam
2015-02-20 10:04 - 2015-02-20 10:04 - 00000000 ____D () C:\Program Files (x86)\Windows 8 App Store
2015-02-19 15:25 - 2015-03-02 19:13 - 00000020 _____ () C:\Users\Andrew\AppData\Roaming\appdataFr3.bin
2015-02-19 14:56 - 2015-03-05 21:01 - 00000000 ____D () C:\Program Files (x86)\SystemMuscle
2015-02-13 18:11 - 2015-01-23 14:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 18:11 - 2015-01-23 13:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-13 15:47 - 2015-03-09 15:38 - 00000000 ____D () C:\Users\Andrew\AppData\Local\CrashDumps
2015-02-11 18:48 - 2015-01-20 04:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 18:48 - 2015-01-16 08:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 18:48 - 2015-01-16 08:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 18:48 - 2015-01-14 14:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 18:48 - 2015-01-14 13:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 18:48 - 2015-01-14 08:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 18:48 - 2015-01-14 08:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 18:48 - 2015-01-12 13:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 18:48 - 2015-01-12 12:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 18:48 - 2015-01-12 12:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 18:48 - 2015-01-12 12:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 18:48 - 2015-01-12 12:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 18:48 - 2015-01-12 12:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 18:48 - 2015-01-12 12:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 18:48 - 2015-01-12 12:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 18:48 - 2015-01-12 12:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 18:48 - 2015-01-12 12:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 18:48 - 2015-01-12 12:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 18:48 - 2015-01-12 11:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 18:48 - 2015-01-12 11:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 18:48 - 2015-01-12 11:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 18:48 - 2015-01-12 11:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 18:48 - 2015-01-12 11:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 18:48 - 2015-01-12 11:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 18:48 - 2015-01-12 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 18:48 - 2015-01-12 11:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 18:48 - 2015-01-12 11:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 18:48 - 2015-01-12 11:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 18:48 - 2015-01-12 11:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 18:48 - 2015-01-12 11:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 18:48 - 2015-01-12 11:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 18:48 - 2015-01-12 11:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 18:48 - 2015-01-12 11:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 18:48 - 2015-01-12 11:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 18:48 - 2015-01-12 11:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 18:48 - 2015-01-12 11:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 18:48 - 2015-01-12 11:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 18:48 - 2015-01-12 11:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 18:48 - 2015-01-12 11:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 18:48 - 2015-01-12 10:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 18:48 - 2015-01-12 10:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 18:48 - 2015-01-10 19:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 18:48 - 2015-01-10 19:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 18:48 - 2015-01-10 18:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 18:48 - 2015-01-10 17:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 18:48 - 2015-01-10 16:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 18:48 - 2014-12-19 18:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 18:48 - 2014-12-19 18:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 18:48 - 2014-12-09 13:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 18:48 - 2014-12-09 11:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 18:48 - 2014-12-09 09:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 18:48 - 2014-10-29 12:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 18:48 - 2014-10-29 12:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 18:48 - 2014-10-29 12:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 18:48 - 2014-10-29 12:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 18:48 - 2014-10-29 12:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 18:48 - 2014-10-29 12:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 18:48 - 2014-10-29 11:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 18:48 - 2014-10-29 11:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 18:48 - 2014-10-29 11:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 18:48 - 2014-10-29 11:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 18:48 - 2014-10-29 11:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 18:48 - 2014-10-29 11:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 18:48 - 2014-10-29 11:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 18:47 - 2015-01-10 18:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-10 17:51 - 2014-04-10 11:35 - 00000000 ___RD () C:\Users\Andrew\SkyDrive
2015-03-10 17:51 - 2014-04-05 13:25 - 00000000 ____D () C:\ProgramData\Leap Motion
2015-03-10 17:51 - 2013-12-18 11:54 - 01164508 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-10 17:50 - 2013-08-23 00:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-10 17:50 - 2013-08-22 23:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-10 17:50 - 2013-06-26 20:15 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 17:49 - 2013-12-18 11:49 - 00000000 ____D () C:\Users\Andrew
2015-03-10 17:45 - 2014-07-02 14:11 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\TS3Client
2015-03-10 17:44 - 2013-06-26 20:15 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 17:12 - 2014-08-13 08:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-10 17:02 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-10 15:50 - 2013-11-14 22:43 - 00871904 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-10 15:46 - 2013-12-01 21:19 - 00000000 ____D () C:\Users\Andrew\AppData\Local\ArmA 2 OA
2015-03-10 15:24 - 2015-01-08 19:27 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Curse Client
2015-03-09 15:21 - 2013-12-28 11:38 - 00359424 ___SH () C:\Users\Andrew\Desktop\Thumbs.db
2015-03-08 23:48 - 2014-12-12 19:17 - 00000000 ____D () C:\Program Files (x86)\Free Easy CD DVD Burner
2015-03-08 17:09 - 2015-01-31 19:56 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 12:43 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-06 17:39 - 2014-04-25 22:00 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2015-03-06 17:39 - 2014-04-25 20:54 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-03-06 17:17 - 2014-04-25 20:54 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-03-06 14:12 - 2014-07-02 14:11 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-03-06 09:51 - 2013-06-25 17:34 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2765525924-2405767281-2402993251-1001
2015-03-05 21:20 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\Performance
2015-03-05 20:41 - 2015-01-31 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-05 20:41 - 2015-01-31 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 23:17 - 2013-06-26 20:00 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 19:41 - 2014-03-06 17:26 - 00000000 ____D () C:\AdwCleaner
2015-03-02 19:40 - 2014-10-26 10:10 - 00000000 ____D () C:\Users\Andrew\Desktop\Anti Malware
2015-03-02 19:32 - 2013-06-26 20:15 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-02 19:32 - 2013-06-26 20:14 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Google
2015-02-25 18:22 - 2012-07-26 17:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-24 21:07 - 2013-06-29 18:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Ironfront
2015-02-23 21:39 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-23 15:41 - 2013-06-28 21:50 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\.minecraft
2015-02-21 21:43 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-20 19:32 - 2014-10-05 13:58 - 00001272 _____ () C:\Users\Public\Desktop\Leap Motion App Home.lnk
2015-02-20 19:32 - 2014-04-05 13:25 - 00000000 ____D () C:\Program Files (x86)\Leap Motion
2015-02-20 19:32 - 2013-07-01 20:33 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-02-20 11:20 - 2014-06-10 11:06 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\uTorrent
2015-02-20 11:09 - 2014-05-14 16:27 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-02-20 11:08 - 2015-01-31 19:08 - 00000000 ____D () C:\ProgramData\{6630045c-8da5-577e-6630-0045c8da1172}
2015-02-19 14:56 - 2015-01-31 19:37 - 00000000 ____D () C:\ProgramData\2a6351800001b1c
2015-02-13 11:15 - 2013-08-23 00:44 - 00481208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 21:23 - 2013-07-17 20:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 21:23 - 2013-06-26 21:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 21:14 - 2013-06-26 20:04 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-02-19 15:25 - 2015-03-02 19:13 - 0000020 _____ () C:\Users\Andrew\AppData\Roaming\appdataFr3.bin
2014-03-02 13:47 - 2014-03-03 16:47 - 0000087 _____ () C:\Users\Andrew\AppData\Roaming\WB.CFG
2013-08-11 20:58 - 2013-12-18 09:32 - 0007609 _____ () C:\Users\Andrew\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-10 17:42
 
==================== End Of Log ============================
 
 
 
and the Addition log file is...
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01
Ran by Andrew at 2015-03-10 17:52:44
Running from C:\Users\Andrew\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
µTorrent (HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Addon Sync 2009 (HKLM-x32\...\{4E3AA543-09D7-401E-9DF2-2591D24C7C49}) (Version: 1.0.67 - YomaTools)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aliens: Colonial Marines (HKLM-x32\...\Steam App 49540) (Version:  - Gearbox Software)
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
ARMA 2 Army of The Czech Republic - Data cache removal (HKLM-x32\...\A2ACR Data cache removal) (Version:  - )
ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version:  - )
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version:  - )
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworld (HKLM-x32\...\Bookworld) (Version: 1.9.25 - Kobo Inc.)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CoffeeCup Free HTML Editor (HKLM-x32\...\CoffeeCup Free HTML Editor) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dawn Of War (HKLM-x32\...\{83F12F73-D52E-40C0-93B1-463C311C4E17}) (Version: 1.40 - THQ)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Evernote v. 4.6.6 (HKLM-x32\...\{6146B9DC-C33D-11E2-BDE1-984BE15F174E}) (Version: 4.6.6.8360 - Evernote Corp.)
Farming Simulator 2013 (HKLM-x32\...\FarmingSimulator2013INT_is1) (Version: 1.0 - GIANTS Software)
FBackup 5 (x32 Version: 5.0.305 - Softland) Hidden
FBackup 5.0 (HKLM-x32\...\{f99ca81f-6fa1-45ef-8920-6ca12a3392fc}) (Version: 5.0.305.0 - Softland)
Free Easy Burner V 5.1 (HKLM-x32\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Iron Front Uninstall (HKLM-x32\...\Iron Front) (Version:  - )
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
James Cameron's AVATAR™: THE GAME (HKLM-x32\...\{7E19B002-4CA3-4C9F-BA92-91D101B97219}) (Version: 1.02.00 - Ubisoft)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.19.00 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Kobo (HKLM-x32\...\Kobo) (Version: 3.12.0 - Rakuten Kobo Inc.)
Leap Motion Software (HKLM-x32\...\Leap Services) (Version: 2.2.3.25971 - Leap Motion)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Legacy 7.5 (HKLM-x32\...\Legacy 7.5) (Version: 7.5  - Millennia Corporation)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oculus Display Driver (Install Only) (HKLM\...\{A1AF4F46-D551-48F3-BD23-133E6DE29383}) (Version: 1.0.24.0 - Oculus Inc.)
Oculus Positional Tracker Driver (Install Only) (HKLM\...\{9A7E8F81-C292-4587-9D53-52782BABB510}) (Version: 0.0.1.6 - Oculus Inc.)
Oculus Runtime (HKLM-x32\...\Oculus Runtime 0.4.1 Rev 1) (Version: 0.4.1 Rev 1 - Oculus Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.83.62.0 - Overwolf Ltd.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Power Switcher Alpha (HKLM-x32\...\{57E62977-39DC-4F5D-BDEB-101DE4564507}) (Version: 0.0.60 - VntNet)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rampant Logic Postscript Viewer version 1.2 (HKLM-x32\...\{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1) (Version: 1.2 - Rampant Logic, LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Rising Storm Beta (HKLM-x32\...\Steam App 224780) (Version:  - )
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
SpinTires Tech Demo (June 060613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
STOIK Capturer (HKLM-x32\...\{CD7F9976-33AE-4C07-BAE5-FCB50CA6E371}) (Version: 1.00.0001 - STOIK Imaging ltd.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unity Web Player (HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Words Rock Home Ed v2 (HKLM-x32\...\Words Rock Home Ed v2) (Version: 2.0.3 - EdAlive)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
12-02-2015 21:13:10 Windows Update
20-02-2015 11:17:52 Checkpoint by HitmanPro
25-02-2015 18:21:53 Windows Update
05-03-2015 11:42:35 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {024E9900-4B44-4E1B-9060-39359644E939} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {248353BE-8EFB-4D6A-903E-FD22B17B34E1} - System32\Tasks\Softland\FBackup 5\fba_Documents => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE [2013-12-16] (Softland)
Task: {3A6F0D8B-696B-4313-B8ED-7D0E90D34686} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {4FAAA67E-8DAF-4783-8B31-4FDE11B8D9DA} - System32\Tasks\Softland\FBackup 5\FBackup 5_Andrew => C:\Program Files (x86)\Softland\FBackup 5\FBackup.exe [2013-12-16] (Softland)
Task: {5648D017-E0C4-4E1D-84C8-AE8174CCECBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {6BFEA91B-4117-48A4-93B3-DA616B3580AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-24] (Piriform Ltd)
Task: {76511088-F12B-4151-B9D1-B61886E93784} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-02-25] (Overwolf LTD)
Task: {96EB4F99-86B5-4E0C-87E5-A483E96D9C83} - System32\Tasks\Oculus Service Scheduler => Wscript.exe "C:\Program Files (x86)\Oculus\Service\LaunchAndRestart.vbs" "C:\Program Files (x86)\Oculus\Service\OVRService_x64.exe"
Task: {A05EA3CE-8762-4AC0-8A13-AD9C5E4ECD68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E56730B4-AE6D-40C8-98AC-45466AE217C9} - System32\Tasks\Softland\FBackup 5\FBackup 5 Tray Agent_Andrew => C:\Program Files (x86)\Softland\FBackup 5\bTray.exe [2013-12-16] (Softland)
Task: {FBD2F0F0-CEA4-4D27-B666-08891C59C13E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\fba_Minecraft.job => C:\Program Files (x86)\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\WINDOWS\Tasks\fba_Videos.job => C:\Program Files (x86)\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-25 18:40 - 2014-11-25 18:40 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-04-25 20:54 - 2014-04-26 15:25 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-08-14 18:58 - 2014-08-12 16:02 - 01037840 _____ () C:\Program Files (x86)\Oculus\Service\OVRService_x64.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-12-16 18:41 - 2013-12-16 18:41 - 00739642 ____R () C:\Program Files (x86)\Softland\FBackup 5\bResourceStrings.bpl
2013-12-16 18:03 - 2013-12-16 18:03 - 00612152 ____R () C:\Program Files (x86)\Softland\FBackup 5\sqlite3.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-20 19:37 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-20 19:37 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-20 19:37 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-20 19:37 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-20 19:37 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-02-20 11:29 - 2015-02-20 11:29 - 00859136 _____ () C:\Program Files (x86)\Leap Motion\Core Services\platforms\qwindows.dll
2015-03-02 19:32 - 2015-02-18 08:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-03-02 19:32 - 2015-02-18 08:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-03-02 19:32 - 2015-02-18 08:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-03-02 19:32 - 2015-02-18 08:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Andrew\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Andrew\SkyDrive.old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\coke_cat_freak.jpg
DNS Servers: 192.168.2.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2765525924-2405767281-2402993251-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2765525924-2405767281-2402993251-500 - Administrator - Disabled)
Andrew (S-1-5-21-2765525924-2405767281-2402993251-1001 - Administrator - Enabled) => C:\Users\Andrew
Guest (S-1-5-21-2765525924-2405767281-2402993251-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2765525924-2405767281-2402993251-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/10/2015 03:24:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (03/10/2015 03:24:31 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (03/10/2015 03:24:31 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (03/10/2015 03:24:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
 
Error: (03/10/2015 03:24:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
Error: (03/10/2015 03:24:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
 
Error: (03/10/2015 03:24:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
Error: (03/09/2015 08:14:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (03/09/2015 08:14:19 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (03/09/2015 08:14:19 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
 
System errors:
=============
Error: (03/10/2015 05:51:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SystemMuscle service to connect.
 
Error: (03/10/2015 05:49:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (03/10/2015 03:43:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SystemMuscle service to connect.
 
Error: (03/10/2015 03:43:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:39:38 on 10/03/2015 was unexpected.
 
Error: (03/10/2015 03:40:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SystemMuscle service to connect.
 
Error: (03/10/2015 03:39:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:12:48 on 09/03/2015 was unexpected.
 
Error: (03/07/2015 04:10:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SystemMuscle service to connect.
 
Error: (03/07/2015 04:10:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:00:57 on 07/03/2015 was unexpected.
 
Error: (03/06/2015 03:28:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (03/06/2015 03:28:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-08 20:02:16.816
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 20:02:16.662
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 20:02:16.501
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 20:02:16.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 20:02:16.190
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 20:02:15.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 20:02:15.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 20:02:15.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 20:02:15.465
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 20:02:15.307
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 24%
Total physical RAM: 8189.24 MB
Available physical RAM: 6201.06 MB
Total Pagefile: 9853.24 MB
Available Pagefile: 7628.66 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Master) (Fixed) (Total:238.13 GB) (Free:157.1 GB) NTFS
Drive d: (Cleo) (Fixed) (Total:488.28 GB) (Free:208.05 GB) NTFS
Drive e: (Fluffs) (Fixed) (Total:443.23 GB) (Free:201.43 GB) NTFS
Drive f: (Ignatz) (Fixed) (Total:698.63 GB) (Free:531.14 GB) NTFS
Drive g: (Backups) (Fixed) (Total:698.63 GB) (Free:449.38 GB) NTFS
Drive l: (Fluffy) (Fixed) (Total:195.45 GB) (Free:46.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive m: (Old C Drive Docs) (Fixed) (Total:270.3 GB) (Free:143.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 8ACCF7AB)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CB1AA6DF)
Partition 1: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 9B2C9F55)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=OF Extended)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0A20A440)
Partition 1: (Active) - (Size=195.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.3 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

 

Look forward to your advice

Cheers :)



#12 OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida

Posted 10 March 2015 - 08:22 AM

Hi ishtar,

Reset / Change Homepage in Chrome
  • Click the Chrome menu on the browser toolbar.
  • Select Settings.
    • Add the home button to the browser toolbar
      Home page button is off by default. Select the "Show Home button" checkbox in the "Appearance" section to show it on the browser toolbar.
    • Set your home page
      When the "Show Home button" checkbox is selected, a web address appears below it. This is the address you will want to change. (hxxp:trovi.com/)
      Click Change to enter a link (i.e. http://www.google.com). You can also choose the New Tab page as your home page.
=========================

Delete cache and other browser data in Chrome
  • Click the Chrome menu on the browser toolbar.
  • Select Tools.
  • Select Clear browsing data.
  • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
    • Clear browsing history
    • Clear download history
    • Empty the cache
    • Delete cookies and other site and plug-in data
    • Clear saved passwords
    • Clear saved Autofill form data
    • Clear data from hosted apps
    • Deauthorize content licenses
  • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
  • Click Clear browsing data.
=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M44A84FA6-3215-4482-8F29-7C7B5242A955&SearchSource=55&CUI=&UM=5&UP=SPC06785EA-5438-47CB-8A22-BB1C6F682370&SSPV=", "hxxp://www.news.com.au/", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422695442&from=adks&uid=PLEXTORXPX-256M5S_P02310103277", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422695451&from=adks&uid=PLEXTORXPX-256M5S_P02310103277"
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:
  • Fixlog.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
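As an added illustration of what the FRST fix above removes (this is not code from the thread, from Farbar or from Chrome): a small Python audit that parses Chrome's Preferences JSON and flags a homepage or startup URL pointing at one of the hijacker domains seen in the log. The Preferences content below is constructed; the JSON keys (session.startup_urls, session.restore_on_startup, homepage, homepage_is_newtabpage) are Chrome's own, and the domain list is assumed from this thread only.

```python
import json
from urllib.parse import urlsplit

# Hijacker domains taken from the startup URLs in the FRST log in this thread.
HIJACKER_DOMAINS = ("trovi.com", "omiga-plus.com")

# Constructed sample of a Chrome "Preferences" file (JSON), not a real capture.
# On Windows the real file lives under
# %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://www.trovi.com/?gd=&ctid=CT3314958",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://www.trovi.com/?gd=&ctid=CT3314958",
            "http://www.news.com.au/",
            "http://isearch.omiga-plus.com/?type=hp&ts=1422695442&from=adks",
        ],
    },
})


def _host(url):
    """Lower-cased hostname of a URL (empty string if it has none)."""
    return (urlsplit(url).hostname or "").lower()


def is_hijacker(url, domains=HIJACKER_DOMAINS):
    """True if the URL's host is a known hijacker domain or a subdomain of one."""
    host = _host(url)
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_preferences(prefs_json, domains=HIJACKER_DOMAINS):
    """Return (setting, url) pairs whose URL points at a hijacker domain."""
    prefs = json.loads(prefs_json)
    findings = []
    homepage = prefs.get("homepage", "")
    # The homepage only matters when Chrome is not using the New Tab page.
    if not prefs.get("homepage_is_newtabpage", True) and is_hijacker(homepage, domains):
        findings.append(("homepage", homepage))
    session = prefs.get("session", {})
    # restore_on_startup == 4 means "open a specific page or set of pages".
    if session.get("restore_on_startup") == 4:
        for url in session.get("startup_urls", []):
            if is_hijacker(url, domains):
                findings.append(("startup_urls", url))
    return findings


if __name__ == "__main__":
    for setting, url in audit_preferences(SAMPLE_PREFERENCES):
        print(f"{setting}: {url}")
```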

#13 ishtar

  • Topic Starter
  • Members
  • 23 posts
  • Gender:Male
  • Location:Brisbane

Posted 11 March 2015 - 05:14 AM

Hi OCD,

 

Have done as per your instructions

 

1. Reset / Change Homepage in Chrome

 

2. Deleted cache and other browser data in Chrome

 

3. Ran FRST Fix Script

 

4. Here is the Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Andrew at 2015-03-11 20:01:37 Run:2
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew (Available profiles: Andrew)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CloseProcesses:
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M44A84FA6-3215-4482-8F29-7C7B5242A955&SearchSource=55&CUI=&UM=5&UP=SPC06785EA-5438-47CB-8A22-BB1C6F682370&SSPV=", "hxxp://www.news.com.au/", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422695442&from=adks&uid=PLEXTORXPX-256M5S_P02310103277", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422695451&from=adks&uid=PLEXTORXPX-256M5S_P02310103277"
EmptyTemp:
End
*****************
 
Processes closed successfully.
Chrome StartupUrls deleted successfully.
EmptyTemp: => Removed 75.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:01:41 ====
 
 
Await next steps.
 
Cheers


#14 OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida

Posted 11 March 2015 - 09:16 AM

Hi ishtar,

Your log appears to be clean.
We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = = = = = = = = = = = =

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Java 7 Update 51
=========================

Remove Disinfection Tools
  • Download Delfix
  • Tick the following boxes:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
  • Click Run
  • Any other tools and files found can simply be deleted or uninstalled via the Control Panel.
= = = = = = = = = = = = = = = = = = = =


With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate windows and frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

To help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent - install this program to lock down and prevent crypto-ransomware.

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
  • Green should be good to go
  • Yellow for caution
  • Red to stop
= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.
  • Windows XP:
    Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
    If you are running Windows XP, please take the time to read the information provided at these links.
  • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
  • Windows 8: Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.
Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002.
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
OCD


#15 OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida

Posted 13 March 2015 - 10:30 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
OCD
