Unknown malware playing audio ads in the background


This topic is locked
4 replies to this topic

#1 linknate

  • Members
  • 4 posts

Posted 04 March 2015 - 03:43 AM

Hi,

So the problem is that after startup, I can hear advertisements playing in the background even though I currently have no programs open. I run Windows 7.

If I open the Task Manager it shows that Internet Explorer is open and the website is an advertisement of some kind. I can't use End Task on it either.

It slows down the programs that require the internet.

I ran malware scanners such as

Hitman Pro

Malwarebytes

Adaware

EEK

Comodo Cleaning Essentials

and my antivirus, Trend Micro and Microsoft Security Essentials, but the problem couldn't be identified.

So any advice on what to do next would be much appreciated.

Thanks

FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by User (administrator) on USER-PC on 04-03-2015 19:14:26
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
(Google Inc.) C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [CCE] => C:\Users\User\Documents\Programs\Anti Malware\Comodo Cleaning Essentials\CCE\CCE.exe [7002032 2012-07-09] (COMODO)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-13] (Google Inc.)
HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\...\Run: [Free Download Manager] => C:\Program Files (x86)\Free Download Manager\fdm.exe [6983168 2014-05-09] (FreeDownloadManager.ORG)
HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\...\Run: [MusicManager] => C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-14] (Google Inc.)
HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk
ShortcutTarget: SolidWorks 2013 Fast Start.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3592699937-1405755372-3412231820-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Winsock: Catalog9 11 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152] (Tencent)
Winsock: Catalog9 12 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152] (Tencent)
Winsock: Catalog9 13 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152] (Tencent)
Winsock: Catalog9 14 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152] (Tencent)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3592699937-1405755372-3412231820-1002: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3592699937-1405755372-3412231820-1002: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2015-03-01]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-10-13]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-10-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-13]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-13]
CHR HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [52360 2012-11-22] (Mentor Graphics Corporation) [File not signed]
S3 SogouUpdate; C:\Program Files (x86)\SogouInput\7.4.0.4382\SogouUpdate.exe [256104 2014-11-27] (Sogou.com Inc.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-10-17] (SolidWorks) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S2 KromtechAccountService; "C:\Program Files\Kromtech\Common\AccountService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 cleanhlp; C:\Users\User\Documents\Programs\Anti Malware\EEK\bin\cleanhlp64.sys [57024 2015-02-25] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-14] (Disc Soft Ltd)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
R1 QqGameMasterControl; C:\Windows\system32\drivers\QMTgpNetflow764.sys [47928 2013-12-12] (tencent)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-03-03] (TENCENT)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-02] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-14] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-16] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-23] (Trend Micro Inc.)
S0 wayuia; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.5.15800.209\QMUdisk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 19:14 - 2015-03-04 19:14 - 00023039 _____ () C:\Users\User\Desktop\FRST.txt
2015-03-04 19:14 - 2015-03-04 19:14 - 00000000 ____D () C:\FRST
2015-03-04 19:02 - 2015-03-04 19:02 - 02092544 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-03-04 18:57 - 2015-03-04 18:57 - 00000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2015-03-04 18:52 - 2015-03-04 18:52 - 03007700 _____ () C:\Users\User\Downloads\revouninstaller.zip
2015-03-03 19:31 - 2015-03-03 19:31 - 00001998 _____ () C:\Users\User\Desktop\aswMBR.txt
2015-03-03 19:31 - 2015-03-03 19:31 - 00000512 _____ () C:\Users\User\Desktop\MBR.dat
2015-03-03 18:19 - 2015-03-03 18:19 - 05200384 _____ (AVAST Software) C:\Users\User\Downloads\aswmbr.exe
2015-03-03 18:00 - 2015-03-03 18:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-03 18:00 - 2015-03-03 18:00 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 18:00 - 2015-03-03 18:00 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 17:58 - 2015-03-03 18:18 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-03-03 17:58 - 2015-03-03 17:58 - 16502728 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.09.1.1004.exe
2015-03-02 19:33 - 2015-03-02 19:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Free Download Manager
2015-03-02 19:32 - 2015-03-02 19:32 - 00001071 _____ () C:\Users\User\Desktop\Free Download Manager.lnk
2015-03-02 19:32 - 2015-03-02 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-03-02 03:39 - 2015-03-02 03:44 - 00000000 ____D () C:\AdwCleaner
2015-03-02 00:07 - 2013-10-05 00:29 - 00421744 _____ (Network Tunnel Lab) C:\Windows\SysWOW64\networkdlllsp.dll
2015-03-01 19:20 - 2015-03-01 19:20 - 00003116 _____ () C:\Windows\System32\Tasks\{9C571690-9FCB-4D1E-84FA-FCADA5398B3E}
2015-03-01 17:52 - 2015-03-01 17:52 - 00000118 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-01 00:25 - 2015-03-02 09:43 - 00000000 ___SD () C:\ComboFix
2015-03-01 00:24 - 2015-03-01 00:24 - 00030958 _____ () C:\ComboFix.txt
2015-03-01 00:20 - 2015-03-04 18:39 - 00001458 _____ () C:\Windows\PFRO.log
2015-02-28 15:23 - 2015-02-28 15:23 - 00002070 _____ () C:\Users\User\Desktop\tgp_daemon.lnk
2015-02-28 15:21 - 2015-02-28 15:21 - 00003182 _____ () C:\Windows\System32\Tasks\{1A4631D8-148E-47F0-B9A7-4C7488FBD4DE}
2015-02-28 14:50 - 2015-02-28 15:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\deluge
2015-02-28 14:49 - 2015-03-02 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2015-02-28 14:49 - 2015-02-28 14:49 - 00000983 _____ () C:\Users\Public\Desktop\Deluge.lnk
2015-02-28 14:49 - 2015-02-28 14:49 - 00000000 ____D () C:\Program Files (x86)\Deluge
2015-02-28 14:48 - 2015-02-28 14:48 - 00003118 _____ () C:\Windows\System32\Tasks\{361E1330-9D8E-4D02-B258-FCC182DE75E5}
2015-02-28 01:20 - 2015-03-02 19:32 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2015-02-28 00:41 - 2015-03-01 00:25 - 00000000 ____D () C:\Windows\erdnt
2015-02-28 00:41 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-27 16:27 - 2015-02-27 16:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Awesomium
2015-02-27 15:42 - 2015-02-27 15:42 - 00001102 _____ () C:\Users\Public\Desktop\腾讯游戏平台.lnk
2015-02-27 15:41 - 2015-02-27 15:41 - 00000000 ____D () C:\Program Files (x86)\Tencent
2015-02-27 15:35 - 2015-02-27 16:26 - 00000000 ____D () C:\ProgramData\Tencent
2015-02-27 15:34 - 2015-03-03 22:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tencent
2015-02-27 15:25 - 2015-02-27 15:25 - 00000000 ____D () C:\Users\User\AppData\Local\NVIDIA
2015-02-27 15:18 - 2015-02-27 15:18 - 00000000 ____D () C:\Windows\pss
2015-02-27 15:16 - 2015-02-06 04:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-27 15:11 - 2015-02-27 15:52 - 132740856 ____H () C:\Users\User\Downloads\msert.exe
2015-02-27 00:42 - 2015-02-27 00:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\LavasoftStatistics
2015-02-26 22:54 - 2015-02-27 14:40 - 00000000 ____D () C:\Users\User\AppData\Local\tyranode
2015-02-26 19:02 - 2015-02-26 19:03 - 00000000 ____D () C:\CCE_Quarantine
2015-02-26 14:46 - 2015-02-26 14:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-26 14:46 - 2015-02-26 14:46 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-26 14:40 - 2015-03-03 22:30 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-26 14:33 - 2015-03-02 19:40 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-26 14:33 - 2015-03-02 09:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-26 13:17 - 2015-01-09 14:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-26 13:17 - 2015-01-09 14:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-26 13:17 - 2015-01-09 14:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-26 13:17 - 2015-01-09 13:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-25 22:33 - 2015-02-26 14:33 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2015-02-25 22:33 - 2015-02-26 14:33 - 00000190 _____ () C:\Windows\system32\eamclean.dat
2015-02-25 20:04 - 2015-03-01 00:12 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-25 20:04 - 2015-02-25 20:04 - 00001121 _____ () C:\Users\User\Desktop\Dropbox.lnk
2015-02-25 20:02 - 2015-02-25 20:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-25 20:00 - 2015-03-01 00:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-25 19:48 - 2015-01-09 10:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 19:48 - 2015-01-09 10:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 19:46 - 2015-02-25 19:46 - 00001610 _____ () C:\Windows\system32\.crusader
2015-02-25 19:40 - 2015-02-26 19:07 - 00001410 _____ () C:\Users\User\Desktop\Start Emsisoft Emergency Kit.lnk
2015-02-25 19:28 - 2015-02-25 19:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-25 19:12 - 2015-02-27 14:10 - 00000000 ___RD () C:\Users\User\Google Drive
2015-02-24 03:42 - 2015-02-24 03:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-24 03:42 - 2015-02-24 03:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-24 02:05 - 2015-02-24 02:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2015-02-24 00:55 - 2015-02-24 00:55 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-24 00:55 - 2015-02-24 00:55 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-24 00:54 - 2015-02-24 00:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-24 00:54 - 2015-02-24 00:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-21 04:26 - 2015-02-21 04:38 - 00000000 ____D () C:\Users\User\AppData\Local\MogiOriginsDemo
2015-02-20 01:18 - 2015-02-20 01:18 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-20 01:18 - 2015-02-20 01:18 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-02-20 01:18 - 2015-02-20 01:18 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-20 01:10 - 2015-02-20 01:10 - 00012288 _____ () C:\Windows\d3dx.dat
2015-02-19 20:31 - 2015-02-14 18:41 - 71344495 _____ () C:\Users\User\Desktop\datafile.bin.2.119.5029.6.backup
2015-02-19 20:31 - 2015-02-14 18:41 - 47098725 _____ () C:\Users\User\Desktop\xml.dat.2.119.5029.6.backup
2015-02-19 01:05 - 2015-02-19 01:05 - 00262144 ____N () C:\Windows\Minidump\021915-10592-01.dmp
2015-02-12 16:31 - 2015-01-23 15:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 16:31 - 2015-01-23 15:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 16:31 - 2015-01-23 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 16:31 - 2015-01-23 14:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 12:41 - 2015-02-04 14:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 12:41 - 2015-02-04 14:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 12:41 - 2015-02-04 14:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 12:41 - 2015-02-04 14:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 12:41 - 2015-02-04 14:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 12:41 - 2015-02-04 14:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 12:41 - 2015-02-04 14:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 12:41 - 2015-01-28 10:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 12:41 - 2015-01-14 16:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 12:41 - 2015-01-14 16:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 12:41 - 2015-01-12 14:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:41 - 2015-01-12 14:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 12:41 - 2015-01-12 14:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 12:41 - 2015-01-12 13:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 12:41 - 2015-01-12 13:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:41 - 2015-01-12 13:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:41 - 2015-01-12 13:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 12:41 - 2015-01-12 13:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 12:41 - 2015-01-12 13:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 12:41 - 2015-01-12 13:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 12:41 - 2015-01-12 13:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 12:41 - 2015-01-12 13:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 12:41 - 2015-01-12 13:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 12:41 - 2015-01-12 13:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 12:41 - 2015-01-12 13:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 12:41 - 2015-01-12 13:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 12:41 - 2015-01-12 13:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:41 - 2015-01-12 13:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 12:41 - 2015-01-12 13:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 12:41 - 2015-01-12 13:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 12:41 - 2015-01-12 13:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:41 - 2015-01-12 13:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 12:41 - 2015-01-12 13:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 12:41 - 2015-01-12 13:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 12:41 - 2015-01-12 13:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 12:41 - 2015-01-12 13:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 12:41 - 2015-01-12 13:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 12:41 - 2015-01-12 12:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 12:41 - 2015-01-12 12:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 12:41 - 2015-01-12 12:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 12:41 - 2015-01-12 12:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:41 - 2015-01-12 12:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 12:41 - 2015-01-12 12:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:41 - 2015-01-12 12:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 12:41 - 2015-01-12 12:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 12:41 - 2015-01-12 12:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:41 - 2015-01-12 12:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 12:41 - 2015-01-12 12:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 12:41 - 2015-01-12 12:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 12:41 - 2015-01-12 12:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 12:41 - 2015-01-12 12:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:41 - 2015-01-12 12:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 12:41 - 2015-01-12 12:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 12:41 - 2015-01-12 12:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 12:41 - 2015-01-12 12:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 12:41 - 2015-01-12 12:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:41 - 2015-01-12 12:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 12:41 - 2015-01-12 12:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 12:41 - 2015-01-12 11:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 12:41 - 2015-01-12 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 12:41 - 2015-01-10 17:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 12:41 - 2015-01-10 17:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 12:41 - 2015-01-10 17:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 12:41 - 2015-01-10 17:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 12:41 - 2015-01-10 17:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 12:41 - 2015-01-10 17:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 12:41 - 2015-01-10 17:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 12:41 - 2015-01-10 17:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 12:41 - 2015-01-10 17:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 12:41 - 2015-01-10 17:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 12:41 - 2015-01-10 17:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 12:41 - 2015-01-10 17:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 12:41 - 2015-01-10 17:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 12:41 - 2015-01-10 17:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 12:40 - 2015-01-15 19:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:40 - 2015-01-15 19:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 12:40 - 2015-01-15 19:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 12:40 - 2015-01-15 19:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 12:40 - 2015-01-15 19:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 12:40 - 2015-01-15 19:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 12:40 - 2015-01-15 19:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 12:40 - 2015-01-15 19:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 12:40 - 2015-01-15 19:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 12:40 - 2015-01-15 19:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 12:40 - 2015-01-15 19:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 12:40 - 2015-01-15 18:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 12:40 - 2015-01-15 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 12:40 - 2015-01-15 18:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 12:40 - 2015-01-15 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 12:40 - 2015-01-15 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 12:40 - 2015-01-15 18:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 12:40 - 2015-01-15 15:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 12:40 - 2015-01-14 17:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 12:40 - 2015-01-14 16:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 12:40 - 2015-01-13 14:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 12:40 - 2015-01-13 13:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 12:40 - 2014-12-12 16:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 12:40 - 2014-12-12 16:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 12:40 - 2014-12-08 14:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:40 - 2014-12-08 13:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 12:40 - 2014-11-26 14:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 12:40 - 2014-11-26 14:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 12:39 - 2015-01-14 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 12:39 - 2015-01-14 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 12:39 - 2015-01-14 17:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 12:39 - 2015-01-14 16:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 12:39 - 2015-01-14 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 12:39 - 2015-01-09 13:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 19:01 - 2014-10-13 12:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-04 18:59 - 2014-12-21 00:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 18:47 - 2009-07-14 15:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 18:47 - 2009-07-14 15:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 18:44 - 2014-10-13 12:21 - 01596064 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 18:43 - 2014-10-13 12:23 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-03-04 18:42 - 2014-10-13 12:35 - 00006462 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-04 18:39 - 2014-12-07 01:00 - 00028213 _____ () C:\Windows\setupact.log
2015-03-04 18:39 - 2014-10-13 17:03 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-03-04 18:39 - 2014-10-13 12:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-04 18:39 - 2014-10-13 12:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 18:39 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 00:19 - 2015-01-20 19:06 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3592699937-1405755372-3412231820-1002UA.job
2015-03-03 23:58 - 2014-10-13 17:20 - 00000000 ____D () C:\Users\User\Documents\Outlook Files
2015-03-03 22:25 - 2014-10-13 22:26 - 00000040 _____ () C:\ProgramData\DT0001.dat
2015-03-03 22:25 - 2014-10-13 20:55 - 00000040 _____ () C:\ProgramData\DT0006.dat
2015-03-03 22:23 - 2014-10-13 20:43 - 00910992 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2015-03-03 22:16 - 2014-10-13 20:47 - 00000000 __SHD () C:\Users\User\wc
2015-03-03 18:00 - 2015-01-03 17:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 09:43 - 2014-10-13 17:26 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-03-02 09:43 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\registration
2015-03-01 23:58 - 2009-07-14 16:13 - 00785858 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-01 19:19 - 2014-11-23 17:07 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-03-01 15:19 - 2015-01-20 19:06 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3592699937-1405755372-3412231820-1002Core.job
2015-03-01 00:20 - 2009-07-14 13:34 - 00000215 ____N () C:\Windows\system.ini
2015-03-01 00:19 - 2009-07-14 13:34 - 33292288 _____ () C:\Windows\system32\config\system.bak
2015-03-01 00:19 - 2009-07-14 13:34 - 103923712 _____ () C:\Windows\system32\config\software.bak
2015-03-01 00:19 - 2009-07-14 13:34 - 00299008 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-03-01 00:19 - 2009-07-14 13:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2015-03-01 00:19 - 2009-07-14 13:34 - 00024576 _____ () C:\Windows\system32\config\SAM.bak
2015-02-28 15:18 - 2014-10-13 18:34 - 00000000 ____D () C:\Users\User\Gaming
2015-02-28 14:49 - 2014-10-13 19:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\BitTorrent
2015-02-28 14:42 - 2014-10-13 17:21 - 00122568 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-28 14:40 - 2014-10-27 22:30 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2015-02-28 01:09 - 2014-10-13 21:25 - 00000000 ____D () C:\Users\User\Downloads\e
2015-02-28 00:57 - 2009-07-14 13:34 - 44040192 _____ () C:\Windows\system32\config\COMPONENTS.bak
2015-02-28 00:45 - 2009-07-14 15:45 - 00436592 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-28 00:13 - 2014-10-13 12:23 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-27 15:17 - 2014-10-13 12:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-27 15:17 - 2014-10-13 12:34 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-27 15:16 - 2014-10-13 17:56 - 00000000 ____D () C:\temp
2015-02-27 15:03 - 2014-10-13 17:19 - 00769724 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-27 15:01 - 2014-12-21 18:27 - 00002750 _____ () C:\Windows\IE11_main.log
2015-02-26 20:22 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\tracing
2015-02-26 13:55 - 2014-10-13 18:18 - 00000000 ____D () C:\Users\User\Documents\transfer
2015-02-26 03:00 - 2014-10-13 19:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\HandBrake
2015-02-25 02:11 - 2014-10-13 17:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-25 02:09 - 2009-07-14 13:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-20 23:06 - 2014-10-13 12:23 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 01:18 - 2014-11-11 15:50 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-20 01:18 - 2014-10-14 16:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-20 01:18 - 2014-10-14 16:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-20 01:18 - 2014-10-13 12:35 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-20 01:18 - 2014-10-13 12:35 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-20 01:18 - 2014-10-13 12:35 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-20 01:18 - 2014-10-13 12:35 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-20 01:18 - 2014-10-13 12:34 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-19 13:30 - 2014-10-13 20:44 - 00000000 ____D () C:\Windows\Minidump
2015-02-16 15:04 - 2014-10-17 14:58 - 00000000 ____D () C:\Users\User\Desktop\Jasmin
2015-02-16 01:14 - 2009-07-14 16:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-14 18:41 - 2014-12-18 16:59 - 47098725 _____ () C:\Users\User\Desktop\xml.dat
2015-02-13 05:38 - 2014-11-23 17:04 - 00236080 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-02-13 04:49 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 21:15 - 2014-10-13 20:45 - 01348152 _____ (Tencent) C:\Windows\SysWOW64\ierd_tgp_lsp.dll
2015-02-12 03:22 - 2014-12-10 23:11 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:22 - 2014-10-13 19:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:05 - 2013-08-31 22:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:01 - 2013-08-31 22:10 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-06 06:07 - 2014-10-13 12:35 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-06 06:07 - 2014-10-13 12:35 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-06 06:07 - 2014-10-13 12:35 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-06 06:07 - 2014-10-13 12:35 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-06 06:07 - 2014-10-13 12:35 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-06 06:06 - 2014-10-13 12:35 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 23:55 - 2014-10-13 12:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 23:55 - 2014-10-13 12:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 23:50 - 2014-10-13 12:35 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-05 17:59 - 2014-12-21 00:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 17:59 - 2014-10-17 12:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 17:59 - 2014-10-17 12:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 15:14 - 2015-01-20 19:06 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3592699937-1405755372-3412231820-1002UA
2015-02-04 15:14 - 2015-01-20 19:06 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3592699937-1405755372-3412231820-1002Core

==================== Files in the root of some directories =======

2015-02-24 00:53 - 2015-02-24 01:31 - 0000115 _____ () C:\Users\User\AppData\Roaming\LogFile.txt
2014-10-13 20:47 - 2014-10-13 20:47 - 0000038 ___SH () C:\Users\User\AppData\Local\1754111884ee9ab5277ca00.95260103
2014-10-13 17:25 - 2014-10-13 17:25 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-03-04 18:57 - 2015-03-04 18:57 - 0000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2015-01-03 17:03 - 2015-01-03 17:03 - 0007607 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-10-13 12:28 - 2014-10-13 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-13 22:26 - 2015-03-03 22:25 - 0000040 _____ () C:\ProgramData\DT0001.dat
2014-10-13 20:55 - 2015-03-03 22:25 - 0000040 _____ () C:\ProgramData\DT0006.dat

Files to move or delete:
====================
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\uninst.exe
C:\Users\User\AppData\Local\Temp\uninstall_complete.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-23 18:57

==================== End Of Log ============================


#2 nasdaq


  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 March 2015 - 09:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S2 KromtechAccountService; "C:\Program Files\Kromtech\Common\AccountService.exe" [X]
S0 wayuia; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.5.15800.209\QMUdisk64.sys [X]
CustomCLSID: HKU\S-1-5-21-3592699937-1405755372-3412231820-1002_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\User\AppData\Roaming\dmxnowzy\tivesen.dll () <==== ATTENTION
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\uninst.exe
C:\Users\User\AppData\Local\Temp\uninstall_complete.exe
C:\Users\User\AppData\Roaming\dmxnowzy

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?
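As an added example (not code from the thread, from FRST, or from the helper's own method), the following Python triage reads FRST log lines in the shapes the fixlist above uses and states why each one merits review, so the reasoning behind a fixlist can be reapplied to another log. The rule names, the USER_WRITABLE heuristic and the ExampleDrv line are constructed for this example; the other sample lines are copied from the fixlist.

```python
"""Triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread: not FRST's own code and not the helper's
method. Every rule below is an assumption made for this example.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Directories an ordinary user can write to. A COM server registered in a
# user hive that loads a DLL from here is the classic COM-hijack shape.
USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData)\\", re.IGNORECASE)

# "R2 name; <image path and arguments> [X]" as FRST prints service entries;
# "[X]" marks a binary FRST could not find, "No ImagePath" an empty entry.
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+); (.*)$")
CLSID_LINE = re.compile(
    r"^CustomCLSID: (?P<key>HKU\\[^ ]+?)\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]+\})"
    r"\\InprocServer32 -> (?P<path>.+?) \((?P<company>[^)]*)\)"
)
POLICY_LINE = re.compile(r"Policies\\Microsoft\\Internet Explorer: Policy restriction")
ATTENTION = re.compile(r"<=+ ATTENTION\s*$")


@dataclass(frozen=True)
class Finding:
    kind: str    # rule name
    detail: str  # why the line deserves attention
    line: str    # the raw log line


def classify_line(line: str) -> Optional[Finding]:
    """Apply the rules most specific first; return None for ordinary lines."""
    line = line.rstrip()
    m = CLSID_LINE.match(line)
    if m and USER_WRITABLE.search(m.group("path")):
        return Finding(
            "com_hijack_candidate",
            f"{m.group('clsid')} in {m.group('key')} loads {m.group('path')} "
            f"(company: {m.group('company') or 'none'})",
            line,
        )
    m = SERVICE_LINE.match(line)
    if m:
        name, body = m.group(2), m.group(3)
        if body == "No ImagePath":
            return Finding("service_no_image", f"service {name} has no binary", line)
        if body.endswith("[X]"):
            return Finding("service_missing_file", f"service {name} points at a missing file", line)
    if POLICY_LINE.search(line):
        return Finding("browser_policy_restriction", "Internet Explorer locked down by policy", line)
    if ATTENTION.search(line):
        return Finding("frst_attention", "flagged by FRST itself", line)
    return None


def triage(log_text: str) -> list[Finding]:
    """Classify every line of an FRST log excerpt and keep the hits."""
    return [f for f in map(classify_line, log_text.splitlines()) if f is not None]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule for a one-line overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: the first six lines are copied from the fixlist in
# the post above; the ExampleDrv line is made up to show a clean entry.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S0 wayuia; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-3592699937-1405755372-3412231820-1002_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\User\AppData\Roaming\dmxnowzy\tivesen.dll () <==== ATTENTION
S3 ExampleDrv; C:\Windows\system32\Drivers\example.sys [12345 2014-01-01] (Example Vendor)
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"[{h.kind}] {h.detail}")
    print(summarize(hits))
```

Note that the FF Plugin line and the clean driver line produce no finding: a fixlist removes housekeeping entries as well, so not every line in it is a detection hit.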

#3 linknate

  • Topic Starter

  • Members
  • 4 posts

Posted 11 March 2015 - 12:49 AM

Fixlog.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2015 01
Ran by User at 2015-03-10 23:50:26 Run:1
Running from C:\Users\User\Documents\Programs\Anti Malware\FRST
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S2 KromtechAccountService; "C:\Program Files\Kromtech\Common\AccountService.exe" [X]
S0 wayuia; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.5.15800.209\QMUdisk64.sys [X]
CustomCLSID: HKU\S-1-5-21-3592699937-1405755372-3412231820-1002_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\User\AppData\Roaming\dmxnowzy\tivesen.dll () <==== ATTENTION
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\uninst.exe
C:\Users\User\AppData\Local\Temp\uninstall_complete.exe
C:\Users\User\AppData\Roaming\dmxnowzy

End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3592699937-1405755372-3412231820-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dflinnddekagfkncpgojoppgnppfkbkj" => Key deleted successfully.
Amsp => Unable to stop service
Amsp => Error deleting Service
KromtechAccountService => Service deleted successfully.
wayuia => Service deleted successfully.
catchme => Service deleted successfully.
gdrv => Service deleted successfully.
QMUdisk => Service deleted successfully.
"HKU\S-1-5-21-3592699937-1405755372-3412231820-1002_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" => Key deleted successfully.
C:\ProgramData\DT0001.dat => Moved successfully.
C:\ProgramData\DT0006.dat => Moved successfully.
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\uninst.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\uninstall_complete.exe => Moved successfully.
C:\Users\User\AppData\Roaming\dmxnowzy => Moved successfully.

The system needed a reboot.

==== End of Fixlog 23:50:32 ====

checkup.txt

 Results of screen317's Security Check version 0.99.97 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Trend Micro Titanium Internet Security  
Microsoft Security Essentials           
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Reader XI 
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 User Documents Programs Anti Malware\SecurityCheck.exe
 Trend Micro AMSP coreServiceShell.exe 
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
 Trend Micro AMSP coreFrameworkHost.exe 
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
Everything seems to be running fine now and I haven't seen the ads come back since.
Thank you very much for the help nasdaq
#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 11 March 2015 - 08:34 AM

Looking good.

You have the latest version of Java.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 16 March 2015 - 07:07 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.