
LaunchTM.exe virus or not?


  • This topic is locked
2 replies to this topic

#1 Aurelis

  • Members
  • 22 posts
  • Gender:Male

Posted 26 February 2015 - 12:36 PM

A couple of weeks ago, C:\Users\Celador\AppData\Roaming\Microsoft\Windows\IEUpdate\LaunchTM.exe asked me for permission to do something in the command prompt, which I denied. I noticed that I had an instance of that LaunchTM.exe running in Task Manager, and I also had 2 autorun entries in the registry as well as a Windows task which is supposed to restart that .exe every minute.

I managed to delete everything (file, autorun entries, task entry), but I am not sure whether it was actually a virus or not. I did check the file with Avira antivirus and an online virus scanner, which yielded nothing.

After that I noticed that my Windows Firewall had to be started manually upon every boot, and when I tried to launch a command prompt it said that \Users\Celador\AppData\Roaming\Microsoft\Windows\IEUpdate\LaunchTM.exe was not a part of something (sorry, I forgot to write it down), so I ran the Malwarebytes scanner and it removed several registry entries related to the command prompt, and now I don't receive that message when I run cmd anymore.

Just now I deleted my antivirus (Avira), installed Bitdefender (had some issues with the on-access scanner), and finally removed it and installed Kaspersky instead. This apparently has fixed the issue with Windows Firewall.

Basically I'd like to know whether I was, or still am, infected with a virus, and how I can know that for sure. I've used Windows Defender, Kaspersky, and Avira to scan my system, but they found nothing. Malwarebytes didn't find anything on a second scan either. I've also used the sfc /scannow command, and it apparently fixed something and also said that it found some issues that cannot be fixed.

I am also dealing with connection issues: some sites (like kaspersky.ru, microsoft.com, steamcommunity.com, etc.) either open slowly or do not open at all. I'm not sure whether it's related to a virus or not; it could be my ISP. I've already sent them tracert logs. Basically I couldn't open some sites at all since yesterday; I called them and deleted LaunchTM.exe at the same time, and now most of the sites are opening again, so I am not sure whether they fixed it or I did. The reason I think that it's an ISP issue is because I can open sites using proxies, so it looks like a routing issue rather than a virus blocking my connections, though I am not 100% sure either.

Any help would be appreciated. I've included the FRST logs.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Celador (administrator) on ZEUSERICH on 26-02-2015 20:31:31
Running from C:\Users\Celador\Desktop
Loaded Profiles: Celador &  (Available profiles: Celador)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Русский (Россия) [Russian (Russia)]
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) Q:\Bluetooth\btwdins.exe
(CHENGDU YIWO Tech Development Co., Ltd) Q:\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Garmin Ltd or its subsidiaries) Q:\garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hi-Rez Studios) Q:\Smite\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(FinalWire Ltd.) Q:\AIDA64\aida64.exe
() Q:\Todo Backup\bin\TodoBackupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Broadcom Corporation.) Q:\Bluetooth\BTTray.exe
() Q:\LCDHost\bin\LCDHost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) Q:\Bluetooth\BTStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) Q:\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Malwarebytes Corporation) Q:\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Fences] => Q:\Fences\Fences.exe [3993744 2014-05-22] (Stardock Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-01-19] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => Q:\garmin\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => Q:\garmin\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [GarminExpressTrayApp] => Q:\garmin\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-48034526-3723981058-1979390203-1001\...\Run: [GarminExpressTrayApp] => Q:\garmin\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => Q:\garmin\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [Run] "C:\Users\Celador\AppData\Roaming\Microsoft\Windows\IEUpdate\LaunchTM.exe"
HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Command Processor: "C:\Users\Celador\AppData\Roaming\Microsoft\Windows\IEUpdate\LaunchTM.exe" <===== ATTENTION!
HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => Q:\garmin\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [GarminExpressTrayApp] => Q:\garmin\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => Q:\garmin\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
AppInit_DLLs-x32: Ȋ䈺义∀ => "Ȋ䈺义∀" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> Q:\Bluetooth\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Celador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> Q:\evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\Users\Celador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCDHost.lnk
ShortcutTarget: LCDHost.lnk -> Q:\LCDHost\bin\LCDHost.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{0bb69c39-7e69-49de-8137-a850b09bd7bc} <======= ATTENTION (Policy Restriction on IP)
ProxyServer: [S-1-5-21-48034526-3723981058-1979390203-1001] => https=127.0.0.1:57762
ProxyServer: [S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => https=127.0.0.1:57762
ProxyServer: [S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] => https=127.0.0.1:57762
ProxyServer: [S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2] => https=127.0.0.1:57762
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-48034526-3723981058-1979390203-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-48034526-3723981058-1979390203-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ru.msn.com/
HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ru.msn.com/
HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ru.msn.com/
HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ru.msn.com/
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {FE7D5A0F-4E25-41B1-8A99-3D9D58F400D2} http://192.168.1.88/webvideo.cab
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default
FF SelectedSearchEngine: Ask Search
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> Q:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> Q:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> Q:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> Q:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> Q:\adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin-x32: HCWP Web Components -> C:\Program Files (x86)\HCWP Web Components\npHCWPWebVideoPlugin.dll No File
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001: @hola.org/vlc,version=1.6.676 -> C:\Users\Celador\AppData\Local\Hola\firefox\app\vlc ()
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Celador\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hola.org/vlc,version=1.6.676 -> C:\Users\Celador\AppData\Local\Hola\firefox\app\vlc ()
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Celador\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @hola.org/vlc,version=1.6.676 -> C:\Users\Celador\AppData\Local\Hola\firefox\app\vlc ()
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Celador\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @hola.org/vlc,version=1.6.676 -> C:\Users\Celador\AppData\Local\Hola\firefox\app\vlc ()
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Celador\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-48034526-3723981058-1979390203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: FoxyProxy Standard - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\foxyproxy@eric.h.jung [2015-02-04]
FF Extension: Russian Hunspell spellchecking dictionary - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\hunspell-ru@dictionaries.addons.mozilla.org [2014-08-10]
FF Extension: Hola Better Internet - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-02-24]
FF Extension: British English Dictionary (Forked by Marco Pinto) - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\marcoagpinto@mail.telepac.pt [2015-01-31]
FF Extension: Garmin Communicator - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-07-26]
FF Extension: FT DeepDark - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-04]
FF Extension: WOT - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-14]
FF Extension: DownloadHelper - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-07-26]
FF Extension: frigate2 - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\e67f8350-7edf-11e3-baa7-0800200c9a66@fri-gate.org.xpi [2014-07-26]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-07-26]
FF Extension: NASA Night Launch - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\nasanightlaunch@example.com.xpi [2015-01-04]
FF Extension: Night Launch Companion - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\nightlaunchcompanion@example.com.xpi [2014-07-26]
FF Extension: NightLaunch.Next - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\nightlaunchnext@example.com.xpi [2014-07-26]
FF Extension: Speed Dial - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-07-26]
FF Extension: Password Exporter - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-07-26]
FF Extension: Adblock Plus - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-26]
FF Extension: Greasemonkey - C:\Users\Celador\AppData\Roaming\Mozilla\Firefox\Profiles\b6n42r06.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2015-01-23]
StartMenuInternet: FIREFOX.EXE - Q:\Firefox\firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [c4526-3723981058-1979390203-1001] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-11-27] (Avira Operations GmbH & Co. KG)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 btwdins; Q:\Bluetooth\btwdins.exe [957304 2012-09-28] (Broadcom Corporation.)
R2 EaseUS Agent; Q:\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [174112 2014-12-23] (EasyAntiCheat Ltd)
R2 Garmin Core Update Service; Q:\garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
U2 HiPatchService; Q:\Smite\HiPatchService.exe [9216 2015-02-24] (Hi-Rez Studios) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; Q:\Origin\OriginClientService.exe [1910128 2015-02-10] (Electronic Arts)
S4 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2011-11-15] ()
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-18] (Stardock Software, Inc)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2014-03-10] (Stardock Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AIDA64Driver; C:\Users\Celador\AppData\Local\Temp\AIDA64Driver.sys [34136 2014-10-30] ()
R1 appliand; C:\Windows\system32\DRIVERS\appliand.sys [30304 2013-02-06] (Applian Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-11-27] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-26] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [175720 2010-04-09] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-12-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SaiK1709; C:\Windows\system32\DRIVERS\SaiK1709.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1709; C:\Windows\System32\drivers\SaiU1709.sys [47168 2012-09-20] (Saitek)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SndTAudio; C:\Windows\system32\drivers\SndTAudio.sys [33336 2010-02-18] (Windows ® Codename Longhorn DDK provider)
S3 TDIMSYS; C:\WINDOWS\SysWOW64\drivers\TDIMSYS.SYS [31312 2014-07-21] () [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 20:31 - 2015-02-26 20:31 - 02087936 _____ (Farbar) C:\Users\Celador\Desktop\FRST64.exe
2015-02-26 20:31 - 2015-02-26 20:31 - 00026532 _____ () C:\Users\Celador\Desktop\FRST.txt
2015-02-26 20:31 - 2015-02-26 20:31 - 00000000 ____D () C:\FRST
2015-02-26 20:27 - 2015-02-26 20:28 - 00000000 ____D () C:\Users\Celador\Desktop\Новая папка (3)
2015-02-26 20:11 - 2015-02-26 20:11 - 00000621 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-26 20:11 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-26 20:11 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-26 20:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-26 20:10 - 2015-02-26 20:10 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Celador\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-26 02:57 - 2015-02-26 02:57 - 00007334 _____ () C:\Users\Celador\Desktop\OpenDocument Text.odt
2015-02-25 15:30 - 2015-02-06 21:23 - 24539136 _____ () C:\Users\Celador\Downloads\RT-AC68U_3.0.0.4_378.50_0.trx
2015-02-24 23:20 - 2015-02-25 16:50 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\InputMapper
2015-02-24 23:20 - 2015-02-24 23:20 - 00001472 _____ () C:\Users\Public\Desktop\InputMapper.lnk
2015-02-24 23:20 - 2015-02-24 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InputMapper
2015-02-24 16:31 - 2015-02-24 16:31 - 00000202 _____ () C:\Users\Celador\Desktop\Medieval Engineers.url
2015-02-24 13:51 - 2015-02-24 13:51 - 00000003 _____ () C:\Users\Celador\Desktop\Новый текстовый документ (7).txt
2015-02-23 01:37 - 2015-02-23 01:37 - 00007558 _____ () C:\Users\Celador\Desktop\Конфигуратор ПК Регард - сеть компьютерных магазинов - Москва - продажа компьютеров, комплектующих, оргтехники.htm
2015-02-23 01:37 - 2015-02-23 01:37 - 00000000 ____D () C:\Users\Celador\Desktop\Конфигуратор ПК Регард - сеть компьютерных магазинов - Москва - продажа компьютеров, комплектующих, оргтехники_files
2015-02-22 00:53 - 2015-02-22 00:53 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\EnemyMind
2015-02-21 01:42 - 2015-02-21 01:42 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\ESS
2015-02-20 21:07 - 2015-02-20 21:07 - 00000365 ____C () C:\WINDOWS\DirectX.log
2015-02-20 20:25 - 2015-02-20 20:25 - 00000000 ____D () C:\Users\Celador\Documents\Book of Unwritten Tales
2015-02-20 14:22 - 2015-02-20 14:22 - 00000631 _____ () C:\Users\Celador\Desktop\The Book of Unwritten Tales.lnk
2015-02-20 13:57 - 2015-02-20 13:57 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\MedievalEngineers
2015-02-17 00:29 - 2015-02-24 21:59 - 00001023 _____ () C:\Users\Celador\Desktop\Новый текстовый документ (6).txt
2015-02-16 22:24 - 2015-02-16 22:24 - 00000003 _____ () C:\WINDOWS\system32\HRUPPROG.TXT
2015-02-16 22:24 - 2015-02-16 22:24 - 00000003 _____ () C:\WINDOWS\system32\HRUPPROG.EXIT
2015-02-16 20:44 - 2015-02-16 20:44 - 00000202 _____ () C:\Users\Celador\Desktop\Distance.url
2015-02-15 18:50 - 2015-02-15 18:50 - 00000202 _____ () C:\Users\Celador\Desktop\Don't Starve Together Beta.url
2015-02-15 15:00 - 2015-02-15 15:00 - 00000000 ____D () C:\Users\Celador\Documents\Offworld
2015-02-15 07:58 - 2015-02-15 07:58 - 00000202 _____ () C:\Users\Celador\Desktop\Broforce.url
2015-02-13 10:29 - 2015-02-13 10:29 - 00000850 _____ () C:\Users\Celador\Desktop\The Sims 4 Deluxe Edition.lnk
2015-02-12 03:25 - 2015-02-12 03:25 - 00000000 ____D () C:\Users\Celador\AppData\Local\EdenGame
2015-02-12 02:43 - 2015-02-12 02:43 - 00000605 _____ () C:\Users\Celador\Desktop\MSI Afterburner.lnk
2015-02-11 22:50 - 2015-01-10 10:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 22:50 - 2015-01-10 09:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 22:50 - 2014-12-09 06:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 22:50 - 2014-12-09 04:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 22:49 - 2015-01-19 21:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 22:49 - 2015-01-16 01:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 22:49 - 2015-01-16 01:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 22:49 - 2015-01-14 07:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 22:49 - 2015-01-14 06:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 22:49 - 2015-01-14 01:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 22:49 - 2015-01-14 01:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 22:49 - 2015-01-12 06:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 22:49 - 2015-01-12 05:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 22:49 - 2015-01-12 05:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 22:49 - 2015-01-12 05:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 22:49 - 2015-01-12 05:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 22:49 - 2015-01-12 05:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 22:49 - 2015-01-12 05:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 22:49 - 2015-01-12 05:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 22:49 - 2015-01-12 05:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 22:49 - 2015-01-12 05:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 22:49 - 2015-01-12 05:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 22:49 - 2015-01-12 05:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 22:49 - 2015-01-12 04:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 22:49 - 2015-01-12 04:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 22:49 - 2015-01-12 04:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 22:49 - 2015-01-12 04:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 22:49 - 2015-01-12 04:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 22:49 - 2015-01-12 04:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 22:49 - 2015-01-12 04:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 22:49 - 2015-01-12 04:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 22:49 - 2015-01-12 04:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 22:49 - 2015-01-12 04:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 22:49 - 2015-01-12 04:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 22:49 - 2015-01-12 04:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 22:49 - 2015-01-12 04:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 22:49 - 2015-01-12 04:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 22:49 - 2015-01-12 04:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 22:49 - 2015-01-12 04:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 22:49 - 2015-01-12 04:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 22:49 - 2015-01-12 04:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 22:49 - 2015-01-12 04:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 22:49 - 2015-01-12 04:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 22:49 - 2015-01-12 04:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 22:49 - 2015-01-12 04:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 22:49 - 2015-01-12 03:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 22:49 - 2015-01-12 03:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 22:49 - 2015-01-10 12:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 22:49 - 2015-01-10 12:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 22:49 - 2015-01-10 11:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 22:49 - 2015-01-10 11:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 22:49 - 2014-12-19 11:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 22:49 - 2014-12-19 11:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 22:49 - 2014-12-09 02:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 06:18 - 2015-02-12 02:56 - 00000000 ____D () C:\Users\Celador\AppData\Local\Deployment
2015-02-08 22:17 - 2015-02-08 22:51 - 00016362 _____ () C:\Users\Celador\Desktop\Microsoft Office Word Document (2).odt
2015-02-07 00:00 - 2015-02-07 00:00 - 00000202 _____ () C:\Users\Celador\Desktop\Evolve.url
2015-02-06 03:57 - 2015-02-06 03:57 - 00000000 ____D () C:\Users\Celador\AppData\Local\I Am Bread
2015-02-05 19:44 - 2015-02-05 19:44 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\Avira
2015-02-05 19:42 - 2015-02-05 19:42 - 00000000 ____D () C:\Users\Все пользователи\Avira
2015-02-05 19:42 - 2015-02-05 19:42 - 00000000 ____D () C:\ProgramData\Avira
2015-02-05 19:42 - 2015-02-05 19:42 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-05 19:42 - 2014-11-27 07:59 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-02-05 19:42 - 2014-11-27 07:59 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-02-05 19:42 - 2014-11-27 07:59 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-02-05 19:42 - 2014-11-27 07:59 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-02-05 19:36 - 2015-02-25 13:58 - 00171906 ____C () C:\WINDOWS\PFRO.log
2015-02-05 19:35 - 2015-02-05 19:35 - 00268602 _____ () C:\Users\Все пользователи\1423154085.bdinstall.bin
2015-02-05 19:35 - 2015-02-05 19:35 - 00268602 _____ () C:\ProgramData\1423154085.bdinstall.bin
2015-02-05 19:20 - 2015-02-26 19:49 - 01245109 ____C () C:\WINDOWS\WindowsUpdate.log
2015-02-05 19:19 - 2015-02-26 19:53 - 00016228 ____C () C:\WINDOWS\setupact.log
2015-02-05 19:19 - 2015-02-05 19:19 - 00000000 ____C () C:\WINDOWS\setuperr.log
2015-02-05 19:06 - 2015-02-05 19:06 - 00000558 _____ () C:\Users\Celador\Desktop\CCleaner.lnk
2015-02-05 07:04 - 2015-02-05 07:04 - 00000000 ____D () C:\Users\Celador\AppData\Local\Steam
2015-02-05 06:46 - 2015-02-05 06:46 - 00000202 _____ () C:\Users\Celador\Desktop\Grow Home.url
2015-02-05 04:41 - 2015-02-18 21:58 - 00000000 ____D () C:\Users\Celador\AppData\Local\GrowHome
2015-02-03 23:09 - 2015-02-06 00:13 - 00000202 _____ () C:\Users\Celador\Desktop\Darkest Dungeon.url
2015-02-02 19:59 - 2015-02-23 03:43 - 00000000 ____D () C:\Users\Celador\Downloads\bluescreenview-x64
2015-02-02 13:12 - 2015-02-13 04:44 - 00015932 _____ () C:\Users\Celador\Desktop\OpenDocument Spreadsheet.ods
2015-01-31 21:21 - 2015-01-31 21:21 - 00000202 _____ () C:\Users\Celador\Desktop\Besiege.url
2015-01-31 14:26 - 2015-01-31 14:26 - 00000000 ____D () C:\Users\Celador\AppData\Local\spacegame
2015-01-31 13:39 - 2015-01-31 13:39 - 00000202 _____ () C:\Users\Celador\Desktop\Fractured Space.url
2015-01-30 21:09 - 2015-01-30 21:09 - 00000000 ____D () C:\Users\Все пользователи\FlyVPN
2015-01-30 21:09 - 2015-01-30 21:09 - 00000000 ____D () C:\ProgramData\FlyVPN
2015-01-29 22:58 - 2015-01-29 22:57 - 00005258 _____ () C:\Users\Celador\Desktop\Текстовый документ — копия (2).txt
2015-01-29 22:56 - 2015-02-16 10:27 - 00000940 _____ () C:\Users\Celador\Desktop\steam accounts.txt
2015-01-28 16:37 - 2015-01-28 16:37 - 00000324 _____ () C:\Users\Celador\Desktop\IdleMaster.appref-ms
2015-01-28 16:37 - 2015-01-28 16:37 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IdleMaster
2015-01-28 14:50 - 2015-01-28 14:50 - 00000202 _____ () C:\Users\Celador\Desktop\MASSIVE CHALICE.url
2015-01-28 14:49 - 2015-01-28 14:49 - 00000202 _____ () C:\Users\Celador\Desktop\Reassembly.url
2015-01-28 14:43 - 2015-01-28 14:43 - 00000202 _____ () C:\Users\Celador\Desktop\Minimum.url
2015-01-27 17:39 - 2015-01-27 17:39 - 00000000 ____D () C:\Users\Celador\Documents\DyingLight
2015-01-27 16:53 - 2015-01-27 16:53 - 00000202 _____ () C:\Users\Celador\Desktop\Dying Light.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 20:11 - 2014-04-30 05:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 20:00 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-26 19:59 - 2013-09-30 07:18 - 01805464 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-26 19:59 - 2013-09-30 06:58 - 00788882 _____ () C:\WINDOWS\system32\perfh019.dat
2015-02-26 19:59 - 2013-09-30 06:58 - 00161604 _____ () C:\WINDOWS\system32\perfc019.dat
2015-02-26 19:53 - 2013-08-22 17:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-26 19:53 - 2013-07-26 03:28 - 00000992 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 19:14 - 2013-02-04 03:13 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\XnView
2015-02-26 19:01 - 2013-02-03 18:11 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\uTorrent
2015-02-26 18:53 - 2013-12-16 11:57 - 00000896 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-26 18:20 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-26 16:02 - 2013-12-07 06:34 - 00003960 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C8245C62-CF40-4723-9E78-59451522F00D}
2015-02-26 07:30 - 2013-02-04 03:09 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\vlc
2015-02-25 21:35 - 2015-01-23 14:37 - 00000000 ____D () C:\Users\Все пользователи\iSkysoft Video Converter Ultimate
2015-02-25 21:35 - 2015-01-23 14:37 - 00000000 ____D () C:\ProgramData\iSkysoft Video Converter Ultimate
2015-02-25 16:45 - 2013-02-03 16:55 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-48034526-3723981058-1979390203-1001
2015-02-25 02:35 - 2014-11-20 23:12 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\Skype
2015-02-24 23:20 - 2014-12-02 22:58 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\DSDCS
2015-02-21 20:29 - 2013-08-22 16:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-21 11:35 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-19 09:15 - 2014-03-10 08:32 - 00003532 _____ () C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-02-19 09:15 - 2013-09-07 01:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 09:15 - 2013-03-13 22:40 - 00000000 ____D () C:\Users\Все пользователи\Package Cache
2015-02-19 09:15 - 2013-03-13 22:40 - 00000000 ____D () C:\Users\Все пользователи\Garmin
2015-02-19 09:15 - 2013-03-13 22:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 09:15 - 2013-03-13 22:40 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-18 14:47 - 2014-09-27 22:49 - 00000000 ____D () C:\Users\Celador\AppData\Local\Battle.net
2015-02-18 13:08 - 2013-03-13 10:56 - 00000000 ____D () C:\Users\Celador\Documents\Klei
2015-02-16 21:46 - 2013-02-04 04:36 - 00000000 ____D () C:\Users\Celador\Documents\my games
2015-02-16 11:41 - 2013-12-03 15:26 - 00000000 ____D () C:\Users\Celador
2015-02-15 02:41 - 2013-08-22 16:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-14 14:22 - 2013-12-25 03:24 - 00000000 ____D () C:\Users\Celador\Desktop\folder  (3)
2015-02-14 14:14 - 2013-02-04 04:19 - 00005296 _____ () C:\Users\Celador\Desktop\Текстовый документ.txt
2015-02-13 05:25 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-13 03:39 - 2013-08-22 17:44 - 05064704 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 22:51 - 2012-07-26 10:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-10 23:23 - 2013-02-04 04:46 - 00000000 ____D () C:\Users\Все пользователи\Origin
2015-02-10 23:23 - 2013-02-04 04:46 - 00000000 ____D () C:\ProgramData\Origin
2015-02-10 22:45 - 2013-02-04 04:46 - 00000000 ____D () C:\Users\Celador\AppData\Roaming\Origin
2015-02-10 22:45 - 2013-02-04 04:46 - 00000000 ____D () C:\Users\Celador\AppData\Local\Origin
2015-02-05 19:36 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\ELAMBKUP
2015-02-05 19:16 - 2015-01-20 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CH Trainer Manager
2015-02-05 19:16 - 2015-01-08 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YGOPro
2015-02-04 21:53 - 2013-12-16 11:57 - 00003784 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 00:51 - 2013-07-26 03:28 - 00003968 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 00:51 - 2013-07-26 03:28 - 00003732 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 00:51 - 2013-07-26 03:28 - 00000996 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 22:31 - 2013-08-22 18:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 22:31 - 2013-08-22 18:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 20:04 - 2014-07-21 21:01 - 00000000 ____D () C:\Minidump
2015-02-02 01:33 - 2015-01-23 21:14 - 00000022 ____C () C:\WINDOWS\GPU-Z.INI
2015-02-02 01:32 - 2015-01-23 21:12 - 00000535 _____ () C:\Users\Public\Desktop\ASUS GPU Tweak.lnk
2015-02-02 01:32 - 2015-01-23 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-02-02 01:32 - 2013-09-18 21:05 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-01-30 21:11 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-01-29 17:49 - 2013-02-04 02:18 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-28 16:46 - 2013-02-04 08:14 - 00002168 _____ () C:\Users\Celador\Desktop\Мои документы.lnk
2015-01-28 16:35 - 2013-07-17 04:21 - 00000000 ____D () C:\Users\Celador\AppData\Local\Apps\2.0

==================== Files in the root of some directories =======

2013-05-29 05:47 - 2013-05-29 05:47 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-02-14 14:58 - 2014-10-28 14:21 - 0000132 _____ () C:\Users\Celador\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-11-06 16:49 - 2013-11-08 22:03 - 1065984 _____ () C:\Users\Celador\AppData\Local\file__0.localstorage
2014-06-17 15:47 - 2014-06-17 15:47 - 0000000 ___SH () C:\Users\Celador\AppData\Local\LumaEmu
2013-02-08 06:55 - 2013-02-08 06:55 - 0007605 _____ () C:\Users\Celador\AppData\Local\Resmon.ResmonCfg
2013-09-19 01:21 - 2013-09-19 01:22 - 0000007 _____ () C:\Users\Celador\AppData\Local\~wmrg
2015-02-05 19:35 - 2015-02-05 19:35 - 0268602 _____ () C:\ProgramData\1423154085.bdinstall.bin

Some content of TEMP:
====================
C:\Users\Celador\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 21:54

==================== End Of Log ============================


Edited by Aurelis, 26 February 2015 - 04:01 PM.



#2 HelpBot

    Bleepin' Binary Bot

Posted 03 March 2015 - 12:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568396 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

    Bleepin' Binary Bot

Posted 08 March 2015 - 11:45 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!