Com Surrogate


This topic is locked. 22 replies to this topic.

#1 TheBoax (Members, 22 posts)

Posted 24 February 2015 - 11:35 PM

Lately there have been a lot of dllhost in my process list and it's lagging my computer, and every once in a while I have to delete them all. Please help.




#2 deeprybka (Malware Response Team, 5,198 posts, Germany)

Posted 25 February 2015 - 04:40 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the downloaded file to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 TheBoax (Topic Starter, Members, 22 posts)

Posted 25 February 2015 - 11:37 AM

The ESET file was too big to attach. What do you want me to do?

Attached Files



#4 TheBoax (Topic Starter, Members, 22 posts)

Posted 25 February 2015 - 11:43 AM

I tried to post it in the reply, but it said it was too long.



#5 deeprybka (Malware Response Team, 5,198 posts, Germany)

Posted 25 February 2015 - 11:55 AM

Please upload the log here: http://www.filedropper.com/ and send me the download link via PM.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#6 deeprybka (Malware Response Team, 5,198 posts, Germany)

Posted 26 February 2015 - 03:19 PM

Thank you!

 

Step 1

Please uninstall some programs:

  • Windows 7: Click on the Start button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall: Browser Extensions, DealPly, TornTV
  • Reboot your computer.

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Download and install the latest version of Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.


Step 4


Start FRST with administrator privileges.

  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 TheBoax (Topic Starter, Members, 22 posts)

Posted 26 February 2015 - 07:41 PM

# AdwCleaner v4.111 - Logfile created 26/02/2015 at 16:37:29
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Kevin - KEVIN-HP
# Running from : C:\Users\Kevin\Desktop\Cleaners\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\5304f1409c03f397
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
Folder Deleted : C:\Program Files (x86)\DriverTuner
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly
Folder Deleted : C:\Users\Guest\AppData\Roaming\dll-files.com
Folder Deleted : C:\Users\Kevin\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Kevin\AppData\Local\DriverTuner
Folder Deleted : C:\Users\Kevin\AppData\Roaming\TornTV.com
Folder Deleted : C:\Users\Kevin\AppData\Roaming\dll-files.com
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\ProgramData\bnhlpcbbnggjiahhfnlmpnkhakgljpnc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\END
File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : RDReminder
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\8ec7d19f4f3834b8b9e2fca2371be0ff
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\UpToDown
Key Deleted : HKCU\Software\TornTv Downloader
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Key Deleted : HKCU\Software\dll-files.com
Key Deleted : HKCU\Software\DownLite
Key Deleted : HKLM\SOFTWARE\dll-files.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
 
-\\ Google Chrome v40.0.2214.115
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=67967&st=bs&tid=6876&ver=4.7&ts=1378871269887&tguid=67967-6876-1378871269887-26F0F36F9E7BD9D343F6DD3B9D2CBE58&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=67967&st=bs&tid=6876&ver=4.7&ts=1378871269887&tguid=67967-6876-1378871269887-26F0F36F9E7BD9D343F6DD3B9D2CBE58&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8DCCA54E-C790-43C4-8B9D-5B56B584EF89&q={searchTerms}&SSPV=
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.speedbit.com/search.aspx?aff=svd_AD&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={EF567859-85B7-48B8-A677-E5B1FE964C91}&mid=39e0ef2eb97747d0a8d2e92931546863-babfa84feefb4efffe8c93a682691c981754fb26&lang=en&ds=AVG&pr=pr&d=2012-07-30 21:41:39&v=13.2.0.5&sap=dsp&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN30055097541563316&ctid=CT3300196&UM=2
[C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
 
-\\ Comodo Dragon v
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=67967&st=bs&tid=6876&ver=4.7&ts=1378871269887&tguid=67967-6876-1378871269887-26F0F36F9E7BD9D343F6DD3B9D2CBE58&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=67967&st=bs&tid=6876&ver=4.7&ts=1378871269887&tguid=67967-6876-1378871269887-26F0F36F9E7BD9D343F6DD3B9D2CBE58&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8DCCA54E-C790-43C4-8B9D-5B56B584EF89&q={searchTerms}&SSPV=
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.speedbit.com/search.aspx?aff=svd_AD&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={EF567859-85B7-48B8-A677-E5B1FE964C91}&mid=39e0ef2eb97747d0a8d2e92931546863-babfa84feefb4efffe8c93a682691c981754fb26&lang=en&ds=AVG&pr=pr&d=2012-07-30 21:41:39&v=13.2.0.5&sap=dsp&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN30055097541563316&ctid=CT3300196&UM=2
[C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
 
-\\ Chrome Canary v
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=67967&st=bs&tid=6876&ver=4.7&ts=1378871269887&tguid=67967-6876-1378871269887-26F0F36F9E7BD9D343F6DD3B9D2CBE58&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=67967&st=bs&tid=6876&ver=4.7&ts=1378871269887&tguid=67967-6876-1378871269887-26F0F36F9E7BD9D343F6DD3B9D2CBE58&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8DCCA54E-C790-43C4-8B9D-5B56B584EF89&q={searchTerms}&SSPV=
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.speedbit.com/search.aspx?aff=svd_AD&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={EF567859-85B7-48B8-A677-E5B1FE964C91}&mid=39e0ef2eb97747d0a8d2e92931546863-babfa84feefb4efffe8c93a682691c981754fb26&lang=en&ds=AVG&pr=pr&d=2012-07-30 21:41:39&v=13.2.0.5&sap=dsp&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN30055097541563316&ctid=CT3300196&UM=2
[C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
 
*************************
 
AdwCleaner[R0].txt - [54061 bytes] - [23/01/2014 23:57:55]
AdwCleaner[R1].txt - [53741 bytes] - [28/04/2014 17:31:41]
AdwCleaner[R2].txt - [7443 bytes] - [27/09/2014 08:38:52]
AdwCleaner[R3].txt - [7507 bytes] - [27/09/2014 09:30:33]
AdwCleaner[R4].txt - [7567 bytes] - [27/09/2014 09:32:20]
AdwCleaner[R5].txt - [7350 bytes] - [26/02/2015 16:34:49]
AdwCleaner[S0].txt - [95685 bytes] - [23/01/2014 23:59:11]
AdwCleaner[S1].txt - [9145 bytes] - [27/09/2014 09:33:21]
AdwCleaner[S2].txt - [11798 bytes] - [26/02/2015 16:37:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [11858  bytes] ##########


#8 TheBoax (Topic Starter, Members, 22 posts)

Posted 26 February 2015 - 10:32 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/26/2015
Scan Time: 4:49:45 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.26.05
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 570449
Time Elapsed: 55 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.Spigot, HKU\S-1-5-21-1171557291-1144606443-3959319753-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [6b3e988a4149a5912ff303168f749a66], 
PUP.Optional.Spigot, HKU\S-1-5-21-1171557291-1144606443-3959319753-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [6b3e988a4149a5912ff303168f749a66], 
PUP.Optional.DictAddon.A, HKLM\SOFTWARE\WOW6432NODE\DICTADDON, Quarantined, [dccd160c99f1ba7c5628b272b2530ff1], 
PUP.Optional.DealPly.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPly, Quarantined, [278228fa3456eb4b27308b21956e26da], 
PUP.Optional.DictAddon.A, HKU\S-1-5-21-1171557291-1144606443-3959319753-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DICTADDON, Quarantined, [dfcab76b2f5b44f2aad5150f28dde31d], 
PUP.Optional.WhiteSmoke.A, HKU\S-1-5-21-1171557291-1144606443-3959319753-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\WhiteSmoke_New_V3, Quarantined, [67428e94dfab78beb5992b85e122b24e], 
 
Registry Values: 3
PUP.Optional.DictAddon.A, HKLM\SOFTWARE\WOW6432NODE\DICTADDON|age, 1385355600, Quarantined, [dccd160c99f1ba7c5628b272b2530ff1]
PUP.Optional.DictAddon.A, HKU\S-1-5-21-1171557291-1144606443-3959319753-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DICTADDON|age, 1385355600, Quarantined, [dfcab76b2f5b44f2aad5150f28dde31d]
PUP.Optional.Astromenda, HKU\S-1-5-21-1171557291-1144606443-3959319753-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Astromenda, Quarantined, [29800f135931b4824f7c67394cb76a96]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 4
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.ArcadeWeb.A, C:\Users\Kevin\AppData\Local\ArcadeWeb, Quarantined, [cfda2bf7f09a9d99ebefeaa956ade31d], 
PUP.Optional.ArcadeWeb.A, C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeWeb, Quarantined, [9f0ad05237530333c01be5aed72c837d], 
 
Files: 16
PUP.Optional.InstallCore, C:\Users\Kevin\AppData\Roaming\0F1L1I1PtF1F1C1N\Notepad++ Download Packages\uninstaller.exe, Quarantined, [b8f171b19cee47ef4484c46be12134cc], 
Trojan.JobLaunch.ODB, C:\Windows\System32\vgbqn.dll, Quarantined, [b0f963bff09af244456d19d71ae7ec14], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav-groups, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\favs##68524791cd88e1d76294a08da09e84a5, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs\2cd2781ceac65eedab08a04c113a2935, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs\2dc52447c210c94505b258d50fa9cc55, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs\3bd55f4cf4ddec2e6c5dcb7aab8a517f, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs\659efa2d94d5d78681533d96ef8610ef, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs\77e510fd65fc6140c5fc86f799ffd353, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs\8288e75310c022c5e1d169d4d01109b7, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs\8cf4372ce38e8f7ffd366b0fc7cdd3a5, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs\9900ddaad2f2e354455b54fe2365ba4e, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs\bf22188672c276a1d44bb27e974f3f23, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs\c0e7099e924772f7286bb49176168252, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.Astromenda.A, C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\astrmndant\fav_thumbs\ce1c961e88eecfdd9531e055715a72b3, Quarantined, [4663b86a2c5e00366e1e4048af546d93], 
PUP.Optional.ArcadeWeb.A, C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeWeb\Play More Games Online.lnk, Quarantined, [9f0ad05237530333c01be5aed72c837d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
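Triage of a Malwarebytes Anti-Malware 2.x log in the format posted above, as an added example that is not part of the thread or of Malwarebytes' own tooling. The sample input is a constructed excerpt of the log above (section counts adjusted to the lines kept); the section names and line layout are taken from that log, and the PUP./PUM. prefix rule for "low severity" is an assumption of this example.

```python
"""Triage a Malwarebytes Anti-Malware 2.x text log (added example).

The log is a sequence of sections ("Registry Keys: 6", "Files: 16", ...),
each followed by one detection per line:
    <family>, <object>[, <extra fields>], <action>, [<32-hex id>],
The parser recovers that structure, then separates PUP/PUM entries (adware,
unwanted settings) from everything else, since a Trojan.* hit under System32
deserves different handling than an adware registry key.
"""
import re
from collections import Counter

KNOWN_SECTIONS = {
    "Processes", "Modules", "Registry Keys", "Registry Values",
    "Registry Data", "Folders", "Files", "Physical Sectors",
}
SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<family>[A-Za-z0-9.]+), (?P<rest>.+?), (?P<action>[A-Za-z -]+), "
    r"\[(?P<id>[0-9a-f]{32})\],?$"
)
# Assumed rule: these prefixes mark potentially unwanted programs/modifications;
# any other family (Trojan.*, Backdoor.*, Rootkit.*) is escalated for review.
LOW_SEVERITY_PREFIXES = ("PUP.", "PUM.")

# Constructed sample: excerpt of the log posted in the thread, with section
# counts adjusted to the lines kept here.
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 570449

Processes: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.DictAddon.A, HKLM\SOFTWARE\WOW6432NODE\DICTADDON, Quarantined, [dccd160c99f1ba7c5628b272b2530ff1],
PUP.Optional.DealPly.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPly, Quarantined, [278228fa3456eb4b27308b21956e26da],

Registry Values: 2
PUP.Optional.DictAddon.A, HKLM\SOFTWARE\WOW6432NODE\DICTADDON|age, 1385355600, Quarantined, [dccd160c99f1ba7c5628b272b2530ff1]
PUP.Optional.Astromenda, HKU\S-1-5-21-1171557291-1144606443-3959319753-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Astromenda, Quarantined, [29800f135931b4824f7c67394cb76a96]

Files: 2
PUP.Optional.InstallCore, C:\Users\Kevin\AppData\Roaming\0F1L1I1PtF1F1C1N\Notepad++ Download Packages\uninstaller.exe, Quarantined, [b8f171b19cee47ef4484c46be12134cc],
Trojan.JobLaunch.ODB, C:\Windows\System32\vgbqn.dll, Quarantined, [b0f963bff09af244456d19d71ae7ec14],

(end)
"""


def parse_mbam_log(text):
    """Return (detections, declared): a list of detection dicts and a map of
    each section name to the item count the section header declares."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m and m.group(1) in KNOWN_SECTIONS:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            detections.append({
                "section": section,
                "family": m.group("family"),
                # The first field of the remainder is the object; any later
                # fields (a registry data value, a search-scope name) are extras.
                "object": m.group("rest").split(", ")[0],
                "action": m.group("action"),
                "id": m.group("id"),
            })
    return detections, declared


def triage(text):
    """Summarise a log: family counts, entries to escalate, and sections whose
    parsed line count differs from the declared count (truncated paste or a
    line the parser did not understand)."""
    detections, declared = parse_mbam_log(text)
    per_section = Counter(d["section"] for d in detections)
    return {
        "families": Counter(d["family"] for d in detections),
        "escalate": [d for d in detections
                     if not d["family"].startswith(LOW_SEVERITY_PREFIXES)],
        "count_mismatch": {s: (n, per_section.get(s, 0))
                           for s, n in declared.items()
                           if per_section.get(s, 0) != n},
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for fam, n in summary["families"].most_common():
        print(f"{n:3d}  {fam}")
    for d in summary["escalate"]:
        print("ESCALATE:", d["section"], d["object"])
    if summary["count_mismatch"]:
        print("count mismatch:", summary["count_mismatch"])
```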


#9 TheBoax (Topic Starter, Members, 22 posts)

Posted 26 February 2015 - 10:35 PM

files

Attached Files



#10 deeprybka (Malware Response Team, 5,198 posts, Germany)

Posted 27 February 2015 - 04:35 AM

Hi,

CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.

P2P Warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached file: fixlist.txt (1.97KB)

Step 2


Don't remove on your own anything that HitmanPro detects!
This scanner, while really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It should only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 3

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the settings shown in the screenshot.
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created; its path was shown in a screenshot.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 4


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Can you please tell me which problems still persist now?
How is the computer running?

Edited by deeprybka, 27 February 2015 - 04:36 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 TheBoax (Topic Starter, Members, 22 posts)

Posted 27 February 2015 - 07:29 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Kevin at 2015-02-27 16:22:07 Run:4
Running from C:\Users\Kevin\Desktop\Cleaners
Loaded Profiles: Kevin (Available profiles: Kevin & Guest1 & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
File: "C:\Users\Kevin\AppData\Local\HssFG4gm4IaC5B1GR3tgTwF5sVsVx6URUw2krwB9CkwZwzb2GgaKKMedCPxiCi1tsSaCz8UbGFUwDLVKv5AhPFgemglKHGFEvYegLO8GpiG66dddlSazMbDpQHg4rrHIcnFbED97VInowUSGqgishlh3dGG2vqgUGAR1TES.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
Toolbar: HKU\S-1-5-21-1171557291-1144606443-3959319753-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3298578&SearchSource=48&CUI=UN13888077721868517&UM=2
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://astromenda.com/?f=7&a=ast_ir_14_30_ch&cd=
C:\Users\Guest1\AppData\Roaming\gychf.dll
Task: {2CCBEA2E-648D-41BB-B116-4007E35E6D72} - System32\Tasks\{8E9CF9E4-81DC-F3E5-C3D0-DD27897CF4BB} => C:\Windows\system32\vgbqn.dll/s "C:\Windows\system32\vgbqn.dll"
Task: {35A1757B-C9DA-44A9-A7D2-2084D4B1F342} - System32\Tasks\SBWUpdateTask_Logon_32e9b62a-74DE2BB0B1C6 => C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2012-07-19] (Speedbit Ltd.) 
Task: {B40309C7-3699-46D9-882C-CB53B979196C} - System32\Tasks\{744E970B-4EC9-474E-9F66-6C9AF39CCBE8} => pcalua.exe -a "C:\Users\Kevin\Desktop\elcomsoft advanced archive password recovery 4.53 + crack\Advanced Archive password Recovery 4.53.exe" -d "C:\Users\Kevin\Desktop\elcomsoft advanced archive password recovery 4.53 + crack"
Task: {DFF6CAEF-36AF-4A7D-A519-B50D83A9BF3E} - System32\Tasks\SBWUpdateTask_Time_32e9b62a-74DE2BB0B1C6 => C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2012-07-19] (Speedbit Ltd.) 
C:\Users\Kevin\AppData\Roaming\SearchProtect
C:\Users\Kevin\AppData\Local\Temp\Win Update\
CreateRestorePoint:
EmptyTemp:
 
*****************
 
Processes closed successfully.
 
========================= File: "C:\Users\Kevin\AppData\Local\HssFG4gm4IaC5B1GR3tgTwF5sVsVx6URUw2krwB9CkwZwzb2GgaKKMedCPxiCi1tsSaCz8UbGFUwDLVKv5AhPFgemglKHGFEvYegLO8GpiG66dddlSazMbDpQHg4rrHIcnFbED97VInowUSGqgishlh3dGG2vqgUGAR1TES.exe" ========================
 
MD5: E105CA095532D394C87711B5281078EE
Creation and modification date: 2014-03-31 18:19 - 2014-03-31 18:19
Size: 13005312
Attributes: ----A
Company Name: 
Internal Name: Launch.exe
Original Name: Launch.exe
Product Name: 
Description:  
File Version: 1.3.1.0
Product Version: 1.3.1.0
Copyright:  
 
====== End Of File: ======
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found. 
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found. 
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Value not found.
HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Key not found. 
Chrome HomePage not detected.
Chrome StartupUrls not detected.
"C:\Users\Guest1\AppData\Roaming\gychf.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CCBEA2E-648D-41BB-B116-4007E35E6D72} => Key not found. 
C:\Windows\System32\Tasks\{8E9CF9E4-81DC-F3E5-C3D0-DD27897CF4BB} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E9CF9E4-81DC-F3E5-C3D0-DD27897CF4BB} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35A1757B-C9DA-44A9-A7D2-2084D4B1F342} => Key not found. 
C:\Windows\System32\Tasks\SBWUpdateTask_Logon_32e9b62a-74DE2BB0B1C6 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Logon_32e9b62a-74DE2BB0B1C6 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B40309C7-3699-46D9-882C-CB53B979196C} => Key not found. 
C:\Windows\System32\Tasks\{744E970B-4EC9-474E-9F66-6C9AF39CCBE8} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{744E970B-4EC9-474E-9F66-6C9AF39CCBE8} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFF6CAEF-36AF-4A7D-A519-B50D83A9BF3E} => Key not found. 
C:\Windows\System32\Tasks\SBWUpdateTask_Time_32e9b62a-74DE2BB0B1C6 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Time_32e9b62a-74DE2BB0B1C6 => Key not found. 
"C:\Users\Kevin\AppData\Roaming\SearchProtect" => File/Directory not found.
"C:\Users\Kevin\AppData\Local\Temp\Win Update" => File/Directory not found.
Restore point was successfully created.
EmptyTemp: => Removed 25.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:22:32 ====


#12 TheBoax (Topic Starter)

Posted 27 February 2015 - 08:03 PM

HitmanPro 3.7.9.238
www.hitmanpro.com
 
   Computer name . . . . : KEVIN-HP
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Kevin-HP\Kevin
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-02-27 16:55:27
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 15s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 4
   Traces  . . . . . . . : 158
 
   Objects scanned . . . : 3,401,595
   Files scanned . . . . : 113,746
   Remnants scanned  . . : 1,958,656 files / 1,329,193 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Guest\Desktop\MapleNinja\ehgxm8a2.dll
      Size . . . . . . . : 10,379,264 bytes
      Age  . . . . . . . : 648.1 days (2013-05-20 15:15:02)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 4F6BD27F84B55AC52CA26223AA217B45865EEC32C2D9CFEB0CDFF6D2EFECD904
    > G Data . . . . . . : Trojan.Generic.9195042
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy  . . . . . . : 109.0
 
   C:\Users\Guest\Desktop\MapleNinja\MapleT.dll
      Size . . . . . . . : 10,379,264 bytes
      Age  . . . . . . . : 648.1 days (2013-05-20 15:11:44)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 4F6BD27F84B55AC52CA26223AA217B45865EEC32C2D9CFEB0CDFF6D2EFECD904
    > G Data . . . . . . : Trojan.Generic.9195042
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy  . . . . . . : 109.0
 
   C:\Users\Guest\Desktop\MapleNinja\vb100.dll
      Size . . . . . . . : 1,804,800 bytes
      Age  . . . . . . . : 648.1 days (2013-05-20 15:11:45)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : EF38236F19DD6A02E32160CAE871EFED6A3A40409277F23FDD5860B9D17C8E0C
      Product  . . . . . : vb100 Anti-Virus system
      Publisher  . . . . : Tryant Groups.
      Description  . . . : vb100 Anti-Virus Engine
      Version  . . . . . : 2.00.2923.5234
      LanguageID . . . . : 2052
    > Bitdefender  . . . : Gen:Trojan.Heur2.LP.UH8@aSLEd9bb
      Fuzzy  . . . . . . : 108.0
 
   C:\Users\Kevin\Desktop\Downloads\Norton\Norton Trial Reset\NTR2013.exe
      Size . . . . . . . : 1,540,200 bytes
      Age  . . . . . . . : 152.1 days (2014-09-28 15:40:10)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 442CDD57F0910F7458FB96FCF88D65AF39643DAC19BC3653AEE7FB9DA8657B38
    > Bitdefender  . . . : Trojan.Generic.8816189
      Fuzzy  . . . . . . : 119.0
 
 
Suspicious files ____________________________________________________________
 
   C:\$RECYCLE.BIN\S-1-5-21-1171557291-1144606443-3959319753-1000\$R0V64L6.exe
      Size . . . . . . . : 2,087,936 bytes
      Age  . . . . . . . : 2.4 days (2015-02-25 08:28:56)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 552DE6F30FD0E9BEF5519659E35FD23FD20645DE092DBA24F8551CCEBE000FD1
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
 
   C:\Users\Kevin\AppData\Local\PunkBuster\BC2\pb\dll\wc002305.dll
      Size . . . . . . . : 962,185 bytes
      Age  . . . . . . . : 1016.9 days (2012-05-16 20:06:18)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C8E59E65AE451CE761E7C48F8BA802CD17513057DEA65A4D4B4F6001153FD414
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Kevin\AppData\Local\PunkBuster\BC2\pb\pbcl.dll
      Size . . . . . . . : 962,185 bytes
      Age  . . . . . . . : 335.2 days (2014-03-29 13:07:25)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C8E59E65AE451CE761E7C48F8BA802CD17513057DEA65A4D4B4F6001153FD414
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Kevin\AppData\Local\PunkBuster\BC2\pb\pbclold.dll
      Size . . . . . . . : 962,185 bytes
      Age  . . . . . . . : 1049.9 days (2012-04-13 18:16:24)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C8E59E65AE451CE761E7C48F8BA802CD17513057DEA65A4D4B4F6001153FD414
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Kevin\AppData\Local\PunkBuster\BC2\pb\pbcls.dll
      Size . . . . . . . : 960,138 bytes
      Age  . . . . . . . : 1049.9 days (2012-04-13 18:16:24)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 70053EEA7AC3C1427D779B3F258A13CF74B02980DCDDEFBC24B341CFFA1E4AA2
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Kevin\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 954,496 bytes
      Age  . . . . . . . : 1076.8 days (2012-03-17 20:47:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Kevin\AppData\Local\PunkBuster\BFP4F\pb\pbcls.dll
      Size . . . . . . . : 954,496 bytes
      Age  . . . . . . . : 341.9 days (2014-03-22 19:39:46)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Kevin\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 139,424 bytes
      Age  . . . . . . . : 1076.8 days (2012-03-17 20:48:38)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 2A97BC40220EE7B5383991EDB238A70B2D6A7881E54E465999E2EADD6A396029
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Kevin\Desktop\Cleaners\frst64.exe
      Size . . . . . . . : 2,087,936 bytes
      Age  . . . . . . . : 2.4 days (2015-02-25 08:28:59)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 552DE6F30FD0E9BEF5519659E35FD23FD20645DE092DBA24F8551CCEBE000FD1
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
 
   C:\Users\Kevin\Desktop\Downloads\BFBC2\pb\pbcl.dll
      Size . . . . . . . : 960,138 bytes
      Age  . . . . . . . : 989.9 days (2012-06-12 18:35:42)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 70053EEA7AC3C1427D779B3F258A13CF74B02980DCDDEFBC24B341CFFA1E4AA2
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Kevin\Documents\BFBC2\pb\pbcl.dll
      Size . . . . . . . : 960,138 bytes
      Age  . . . . . . . : 562.8 days (2013-08-13 21:53:37)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 70053EEA7AC3C1427D779B3F258A13CF74B02980DCDDEFBC24B341CFFA1E4AA2
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\SpeedBit\ (SpeedBit)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}\ (VidSaver)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011341191}\ (VidSaver)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}\ (VidSaver)
   HKLM\SOFTWARE\Wow6432Node\SpeedBit\ (SpeedBit)
   HKU\S-1-5-21-1171557291-1144606443-3959319753-1000_Classes\Wow6432Node\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ (Speedial)
   HKU\S-1-5-21-1171557291-1144606443-3959319753-1007\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ (AskBar)
   HKU\S-1-5-21-1171557291-1144606443-3959319753-501\Software\AppDataLow\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-1171557291-1144606443-3959319753-501\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ (AskBar)
   HKU\S-1-5-21-1171557291-1144606443-3959319753-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
   HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ (AskBar)
 
Cookies _____________________________________________________________________
 
 
 


#13 TheBoax (Topic Starter)

Posted 28 February 2015 - 01:35 AM

ESETSmartInstaller@High as downloader log:
all ok


#14 TheBoax (Topic Starter)

Posted 28 February 2015 - 01:37 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Kevin (administrator) on KEVIN-HP on 27-02-2015 22:35:49
Running from C:\Users\Kevin\Desktop\Cleaners
Loaded Profiles: Kevin & Guest1 & Guest &  (Available profiles: Kevin & Guest1 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\puush\puush.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Kevin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoUpdateCheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-24] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-08-19] ()
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [Spotify Web Helper] => C:\Users\Kevin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1956920 2015-02-18] (Spotify Ltd)
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\MountPoints2: K - K:\SETUP.EXE
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\MountPoints2: {b5cb311d-6e09-11e3-a9cc-386077b08190} - J:\setup.exe
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\...\Run: [Akamai NetSession Interface] => C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\...\Run: [DAEMON Tools Lite] => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\...\Run: [uTorrent] => C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-02-27] (BitTorrent Inc.)
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\...\Run: [MK LOL] => C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe [1092296 2014-12-15] ()
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-08-19] ()
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\...\MountPoints2: K - K:\SETUP.EXE
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\...\MountPoints2: {b5cb311d-6e09-11e3-a9cc-386077b08190} - J:\setup.exe /autorun
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1171557291-1144606443-3959319753-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-1171557291-1144606443-3959319753-1007\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-1171557291-1144606443-3959319753-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
HKU\S-1-5-21-1171557291-1144606443-3959319753-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-1007 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-1007 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-1007 -> {4B7CF102-8201-44F6-B4B1-DBCFDFED98BE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-1007 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-1007 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-1007 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> {0D85E684-3940-4C77-937B-1854D91E705A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> {4B7CF102-8201-44F6-B4B1-DBCFDFED98BE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={EF567859-85B7-48B8-A677-E5B1FE964C91}&mid=39e0ef2eb97747d0a8d2e92931546863-babfa84feefb4efffe8c93a682691c981754fb26&lang=en&ds=AVG&pr=pr&d=2012-07-30 21:41:39&v=13.2.0.5&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> {d03dfedf-bab9-493a-9ce6-fdc118f46b31} URL = http://search.certified-toolbar.com?si=67967&st=bs&tid=6876&ver=4.7&ts=1378871269887&tguid=67967-6876-1378871269887-26F0F36F9E7BD9D343F6DD3B9D2CBE58&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {4B7CF102-8201-44F6-B4B1-DBCFDFED98BE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Toolbar: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> No Name - {8F4181F4-137B-4CEF-B050-6C8A58FABFBF} -  No File
Toolbar: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> No Name - {068969A9-46CD-4E38-9DDB-4939814A3E32} -  No File
Toolbar: HKU\S-1-5-21-1171557291-1144606443-3959319753-501 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{11C428DB-2739-4F83-835E-68A2E987DF24}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Kevin\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1171557291-1144606443-3959319753-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1171557291-1144606443-3959319753-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kevin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1171557291-1144606443-3959319753-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2013-12-05]
FF Extension: DictAddon - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\thomas.cummerata@retta.biz [2013-11-28]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-02-27]
FF HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
 
Chrome: 
=======
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]
CHR Extension: (Adblock Plus) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-27]
CHR Extension: (Norton Identity Safe) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-27]
CHR Extension: (Website Logon) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2014-09-02]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-02-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-28]
CHR HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Kevin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-07]
CHR HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-24] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-24] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-24] (BlueStack Systems, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-22] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2538808 2014-09-04] (AVG Technologies)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-24] (Tunngle.net GmbH) [File not signed]
S4 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.6.0.32\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-24] (BlueStack Systems)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-26] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R3 EuMusDesignVirtualAudioCableWdm_lcs; C:\Windows\System32\DRIVERS\vaclcskd.sys [66016 2009-12-05] (Eugene V. Muzychenko)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.6.0.32\Definitions\IPSDefs\20150227.003\IDSvia64.sys [669400 2015-02-02] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.6.0.32\Definitions\VirusDefs\20150227.003\ENG64.SYS [129752 2015-02-05] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.6.0.32\Definitions\VirusDefs\20150227.003\EX64.SYS [2137304 2015-02-05] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-22] ()
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126976 2011-01-10] (Razer USA Ltd) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-26] (Duplex Secure Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2012-12-10] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-08-28] (TuneUp Software)
U3 aixzsm3o; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-27 17:04 - 2015-02-27 17:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-27 16:55 - 2015-02-27 16:55 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-27 16:31 - 2015-02-27 16:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-27 16:15 - 2015-02-27 16:15 - 00000855 _____ () C:\Users\Kevin\Desktop\µTorrent.lnk
2015-02-27 16:15 - 2015-02-27 16:15 - 00000835 _____ () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-26 16:46 - 2015-02-26 16:46 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-26 16:30 - 2015-02-26 16:30 - 00003052 _____ () C:\Windows\System32\Tasks\{95022D4F-0780-4C0B-871A-72C1A2B8FD1C}
2015-02-24 18:51 - 2015-02-24 18:55 - 00001666 _____ () C:\Users\Kevin\Desktop\Rkill.txt
2015-02-18 23:10 - 2015-02-18 23:10 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Steam
2015-02-18 02:55 - 2015-02-18 02:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-18 02:55 - 2015-02-18 02:55 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-17 19:52 - 2015-02-17 19:52 - 00000222 _____ () C:\Users\Kevin\Desktop\Nosgoth.url
2015-02-10 19:44 - 2015-02-10 19:44 - 00001879 _____ () C:\Users\Kevin\Desktop\Start BlueStacks.lnk
2015-02-07 21:43 - 2015-02-26 20:22 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Spotify
2015-02-07 21:43 - 2015-02-07 21:43 - 00001809 _____ () C:\Users\Kevin\Desktop\Spotify.lnk
2015-02-07 21:43 - 2015-02-07 21:43 - 00001795 _____ () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-02-07 21:42 - 2015-02-27 17:33 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Spotify
2015-01-30 18:25 - 2015-01-30 18:25 - 00000000 ____D () C:\Users\Guest1\AppData\Local\Apple
2015-01-30 14:32 - 2015-01-30 14:32 - 00000000 ____D () C:\Users\Guest1\AppData\Roaming\Apple Computer
2015-01-29 22:42 - 2015-01-29 22:42 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-29 22:42 - 2015-01-29 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-29 22:42 - 2015-01-29 22:42 - 00000000 ____D () C:\Program Files\iPod
2015-01-29 22:42 - 2015-01-29 22:42 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-29 22:41 - 2015-01-29 22:42 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-29 22:41 - 2015-01-29 22:42 - 00000000 ____D () C:\Program Files\iTunes
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-27 22:35 - 2014-09-27 09:42 - 00000000 ____D () C:\Users\Kevin\Desktop\Cleaners
2015-02-27 22:35 - 2014-09-27 09:42 - 00000000 ____D () C:\FRST
2015-02-27 22:27 - 2014-08-13 13:32 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Skype
2015-02-27 22:10 - 2012-06-29 22:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 22:05 - 2012-06-29 22:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-27 22:05 - 2009-07-13 21:13 - 00831118 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-27 22:03 - 2014-03-19 21:21 - 00079180 _____ () C:\Windows\setupact.log
2015-02-27 21:52 - 2012-03-30 07:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-27 21:44 - 2012-03-13 20:15 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F69609AB-5ECE-459E-A380-06A360F859CE}
2015-02-27 17:33 - 2014-09-27 08:43 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-02-27 17:33 - 2014-08-19 15:53 - 00000000 ____D () C:\Program Files (x86)\puush
2015-02-27 16:32 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 16:32 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-27 16:28 - 2012-03-13 20:12 - 01613530 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 16:24 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 16:23 - 2014-03-20 23:49 - 02306710 _____ () C:\Windows\PFRO.log
2015-02-27 16:15 - 2013-10-13 16:21 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\uTorrent
2015-02-26 22:58 - 2014-02-02 22:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-26 19:10 - 2014-09-27 04:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 18:33 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SchCache
2015-02-26 16:46 - 2014-09-27 04:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-26 16:46 - 2014-09-27 04:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 16:37 - 2014-01-23 23:57 - 00000000 ____D () C:\AdwCleaner
2015-02-26 01:39 - 2014-02-02 22:24 - 00000000 ____D () C:\Program Files (x86)\Castle Crashers
2015-02-25 22:16 - 2014-02-01 16:07 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Battle.net
2015-02-25 22:14 - 2014-02-01 16:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-25 21:16 - 2012-03-16 22:10 - 00000000 ____D () C:\Users\Kevin\AppData\Local\CrashDumps
2015-02-24 18:46 - 2014-09-28 12:15 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-18 02:55 - 2014-03-07 18:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-18 02:55 - 2012-08-06 21:38 - 00000000 ____D () C:\Users\Kevin\Documents\My Games
2015-02-17 19:52 - 2013-12-26 21:35 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-17 16:12 - 2015-01-27 09:41 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AF3B4352-FE8F-4C12-8F7B-75A37169ED94}
2015-02-13 20:01 - 2012-03-21 16:22 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKevin
2015-02-13 20:01 - 2012-03-21 16:22 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForKevin.job
2015-02-10 14:49 - 2012-08-10 12:48 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Akamai
2015-02-09 21:46 - 2014-01-10 21:29 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-04 22:00 - 2012-06-29 22:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 22:00 - 2012-06-29 22:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-01 11:16 - 2014-12-01 03:27 - 00000000 ____D () C:\Users\Kevin\Desktop\test
2015-01-29 22:42 - 2014-07-24 20:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
 
==================== Files in the root of some directories =======
 
2011-11-22 16:16 - 2011-06-09 15:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
2013-11-26 19:00 - 2013-11-26 19:01 - 0000000 _____ () C:\Users\Kevin\AppData\Roaming\bitlord_log.txt
2014-08-15 06:41 - 2013-11-28 00:04 - 0421200 _____ (Microsoft Corporation) C:\Users\Kevin\AppData\Roaming\msvcp100.dll
2014-08-15 06:41 - 2013-11-28 00:04 - 0770384 _____ (Microsoft Corporation) C:\Users\Kevin\AppData\Roaming\msvcr100.dll
2013-06-23 08:57 - 2013-06-26 23:39 - 0008678 _____ () C:\Users\Kevin\AppData\Roaming\MultiScreen_log.log
2014-08-15 06:41 - 2013-11-28 00:04 - 1776240 _____ (Mozilla Foundation) C:\Users\Kevin\AppData\Roaming\nss3.dll
2014-08-24 06:56 - 2014-09-26 05:22 - 0000085 _____ () C:\Users\Kevin\AppData\Roaming\WB.CFG
2013-07-30 22:58 - 2013-07-30 22:58 - 0000037 ___SH () C:\Users\Kevin\AppData\Local\20986331705021ca58edc424.96250074
2014-03-31 18:19 - 2014-03-31 18:19 - 13005312 _____ () C:\Users\Kevin\AppData\Local\HssFG4gm4IaC5B1GR3tgTwF5sVsVx6URUw2krwB9CkwZwzb2GgaKKMedCPxiCi1tsSaCz8UbGFUwDLVKv5AhPFgemglKHGFEvYegLO8GpiG66dddlSazMbDpQHg4rrHIcnFbED97VInowUSGqgishlh3dGG2vqgUGAR1TES.exe
2012-04-03 19:04 - 2012-05-21 12:54 - 0000187 _____ () C:\Users\Kevin\AppData\Local\msmathematics.qat.Kevin
2013-11-26 19:03 - 2013-11-26 19:03 - 0000218 _____ () C:\Users\Kevin\AppData\Local\recently-used.xbel
2014-07-17 05:30 - 2014-08-15 22:47 - 0007604 _____ () C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg
2013-12-18 16:39 - 2013-12-23 23:14 - 0023580 ___HT () C:\Users\Kevin\AppData\Local\Temptemp_datacash.dat
2013-08-15 22:46 - 2014-12-20 19:26 - 0000929 _____ () C:\Users\Kevin\AppData\Local\_settings.ini
2012-12-10 18:26 - 2012-12-10 18:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-01-01 21:08 - 2011-05-16 03:36 - 1654869 _____ (Dynu Systems Inc.) C:\ProgramData\DynuEncrypt.dll
 
Files to move or delete:
====================
C:\ProgramData\DynuEncrypt.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\gychf.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-23 00:43
 
==================== End Of Log ============================


#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:08:08 AM

Posted 28 February 2015 - 04:01 AM

ESETSmartInstaller@High as downloader log:
all ok


The ESET Log isn't complete...
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 