Help with EmieBrowser, $Recycle.Bin, non working .exe's



#1 rockyrocks1


Posted 20 March 2015 - 01:09 AM

Hi,

 

I have been struggling with this virus for almost 10 hours now! It all started after I found some random shortcuts and a $Recycle.Bin folder, and then after I connected my external HDD, which got infected, which in turn I connected to another laptop which also got infected! I had realised too late that it was a virus :(

 

Now there are three files in AppData folder, all related to EmieBrowser.

 

I tried a dozen tools but none worked to remove this. Malwarebytes didn't even recognize it, nor did McAfee. Then suddenly my .exes stopped working. I get "Windows cannot find [Path] make sure you typed the name correctly and then try again".

I again tried many tools for that; none worked!

 

But everything does work in Safe Mode. I had to create the FRST logs and DDS logs in Safe Mode only, since the .exe and .com don't work normally.

 

______________________________________________________________________

FRST.txt log

----------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Chamakura (administrator) on CHAMAKURA-PC on 20-03-2015 10:56:41
Running from C:\Users\Chamakura\Desktop
Loaded Profiles: Chamakura (Available profiles: Chamakura)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7520768 2014-07-25] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [692208 2012-12-21] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3718548913-3595093036-601815092-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3718548913-3595093036-601815092-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3718548913-3595093036-601815092-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3718548913-3595093036-601815092-1000 -> DefaultScope {C326BA06-5E24-4CC2-837C-4830699C9559} URL = https://in.search.yahoo.com/search?fr=mcafee&type=B011IN826D20140825&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3718548913-3595093036-601815092-1000 -> {C326BA06-5E24-4CC2-837C-4830699C9559} URL = https://in.search.yahoo.com/search?fr=mcafee&type=B011IN826D20140825&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-12-05] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-12-05] (Internet Download Manager, Tonec Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.137.1

FireFox:
========
FF ProfilePath: C:\Users\Chamakura\AppData\Roaming\Mozilla\Firefox\Profiles\luqm414k.default
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11409&pf=V7&trgb=FF&p2=%5EBBH%5EOSJ000%5EYY%5EIN&gct=hp&apn_ptnrs=BBH&apn_dtid=%5EOSJ000%5EYY%5EIN&apn_dbr=ff_35.0.0.5486&apn_uid=D1752B07-D0BF-45E6-8DE3-8AC521627490&itbv=12.23.0.15&doi=2015-01-25&psv=&pt=tb
FF Keyword.URL: https://in.search.yahoo.com/search?fr=mcafee&type=B111IN826D20140825&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3718548913-3595093036-601815092-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Chamakura\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3718548913-3595093036-601815092-1000: @talk.google.com/O1DPlugin -> C:\Users\Chamakura\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3718548913-3595093036-601815092-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Chamakura\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3718548913-3595093036-601815092-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Chamakura\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chamakura\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Chamakura\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-03-06]
FF Extension: FEBE - C:\Users\Chamakura\AppData\Roaming\Mozilla\Firefox\Profiles\luqm414k.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-01-20]
FF Extension: Adblock Plus - C:\Users\Chamakura\AppData\Roaming\Mozilla\Firefox\Profiles\luqm414k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-25]
FF HKU\S-1-5-21-3718548913-3595093036-601815092-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Chamakura\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Chamakura\AppData\Roaming\IDM\idmmzcc5 [2015-01-23]
FF HKU\S-1-5-21-3718548913-3595093036-601815092-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3718548913-3595093036-601815092-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Chamakura\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://in.search.yahoo.com/search?fr=mcafee&type=B211IN826D20140825&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-09]
CHR Extension: (Google Docs) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-09]
CHR Extension: (Google Drive) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-09]
CHR Extension: (Google Search) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-09]
CHR Extension: (Google Sheets) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-09]
CHR Extension: (SiteAdvisor) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-10-11]
CHR Extension: (IDM Integration Module) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-09-09]
CHR Extension: (Hangouts) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-09]
CHR Extension: (Gmail) - C:\Users\Chamakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-27]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-27]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2013-12-24] (Connectify) [File not signed]
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2014-07-25] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2014-07-25] (Broadcom Corporation.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2014-12-06] (Connectify)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-20] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 McMPFSvc; No ImagePath
S4 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 10:56 - 2015-03-20 10:57 - 00016788 _____ () C:\Users\Chamakura\Desktop\FRST.txt
2015-03-20 10:56 - 2015-03-20 10:56 - 00000000 ____D () C:\FRST
2015-03-20 10:55 - 2015-03-20 10:55 - 00018633 _____ () C:\Users\Chamakura\Desktop\dds.txt
2015-03-20 10:55 - 2015-03-20 10:55 - 00014151 _____ () C:\Users\Chamakura\Desktop\attach.txt
2015-03-20 10:50 - 2015-03-20 10:50 - 02095616 _____ (Farbar) C:\Users\Chamakura\Desktop\FRST64.exe
2015-03-20 10:50 - 2015-03-20 10:50 - 00688992 ____R (Swearware) C:\Users\Chamakura\Desktop\dds.com
2015-03-20 10:45 - 2015-03-20 10:45 - 00025338 _____ () C:\ComboFix.txt
2015-03-20 10:39 - 2015-03-20 10:45 - 00000000 ____D () C:\Qoobox
2015-03-20 10:39 - 2015-03-20 10:44 - 00000000 ____D () C:\Windows\erdnt
2015-03-20 10:39 - 2011-06-26 12:15 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-20 10:39 - 2010-11-07 22:50 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-20 10:39 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-20 10:39 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-20 10:39 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-20 10:39 - 2000-08-31 05:30 - 00098816 _____ () C:\Windows\sed.exe
2015-03-20 10:39 - 2000-08-31 05:30 - 00080412 _____ () C:\Windows\grep.exe
2015-03-20 10:39 - 2000-08-31 05:30 - 00068096 _____ () C:\Windows\zip.exe
2015-03-20 10:37 - 2015-03-20 10:39 - 00002226 _____ () C:\Users\Chamakura\Desktop\Rkill.txt
2015-03-20 10:30 - 2015-03-20 10:30 - 05615380 ____R (Swearware) C:\Users\Chamakura\Desktop\ComboFix.exe
2015-03-20 10:29 - 2015-03-20 10:29 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Chamakura\Desktop\rkill.com
2015-03-20 05:24 - 2015-03-20 05:24 - 00000886 _____ () C:\Users\Chamakura\Desktop\exe_fix_w7.zip
2015-03-20 05:12 - 2015-03-20 05:12 - 00001213 _____ () C:\Users\Chamakura\Desktop\fgj.reg
2015-03-20 04:54 - 2015-03-20 04:54 - 06163602 _____ () C:\Users\Chamakura\Desktop\CHAMAKURA-PC.arn
2015-03-20 04:42 - 2015-03-20 05:12 - 00001213 _____ () C:\Users\Chamakura\Desktop\abc.reg
2015-03-20 04:21 - 2015-03-20 04:24 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-20 04:21 - 2015-03-20 04:21 - 00000000 ____D () C:\Users\Chamakura\AppData\Local\MFAData
2015-03-20 04:21 - 2015-03-20 04:21 - 00000000 ____D () C:\Users\Chamakura\AppData\Local\Avg2014
2015-03-20 04:17 - 2015-03-20 05:09 - 00000000 ____D () C:\Users\Chamakura\Desktop\AVG Internet Security 2014 build 4016 x64 [ThumperDC.COM]
2015-03-20 04:08 - 2015-03-20 04:08 - 00001043 _____ () C:\Users\Public\Desktop\FixUp Restrictions.lnk
2015-03-20 04:08 - 2015-03-20 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixUp Restrictions 0.3
2015-03-20 04:08 - 2015-03-20 04:08 - 00000000 ____D () C:\Program Files (x86)\FixUp Restrictions
2015-03-20 04:00 - 2015-03-20 04:00 - 04848431 _____ () C:\Users\Chamakura\Desktop\FixUpRestrictions-0.3.rar
2015-03-20 04:00 - 2009-10-09 12:34 - 04929570 _____ (boussouira ) C:\Users\Chamakura\Desktop\FixUpRestrictions-0.3.exe
2015-03-20 03:59 - 2015-03-20 03:59 - 00761492 _____ () C:\Users\Chamakura\Desktop\regain_power_exe_v1.0.0.2_Beta.zip
2015-03-20 03:21 - 2015-03-20 03:21 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-20 03:20 - 2015-03-20 03:20 - 00029314 _____ () C:\Windows\system32\.crusader
2015-03-20 03:10 - 2015-03-20 03:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-20 03:07 - 2015-03-20 03:10 - 10995632 _____ (SurfRight B.V.) C:\Users\Chamakura\Desktop\HitmanPro_x64.exe
2015-03-20 02:37 - 2015-03-20 04:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 02:37 - 2015-03-20 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-20 02:36 - 2015-03-20 05:08 - 00000000 ____D () C:\Users\Chamakura\Desktop\_Keygen_
2015-03-20 02:36 - 2015-03-20 02:36 - 00000000 ____D () C:\Users\Chamakura\Desktop\_Setup_
2015-03-20 02:36 - 2015-03-20 02:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 02:36 - 2015-03-20 02:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-20 02:36 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-20 02:36 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-20 02:36 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-18 16:21 - 2015-03-18 16:21 - 00000000 ____D () C:\Users\Chamakura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-03-13 10:29 - 2015-03-13 10:29 - 00280272 _____ () C:\Windows\Minidump\031315-12948-01.dmp
2015-03-13 08:07 - 2015-03-13 08:07 - 00280272 _____ () C:\Windows\Minidump\031315-16489-01.dmp
2015-03-09 17:53 - 2015-03-09 18:39 - 375178669 _____ () C:\Users\Chamakura\Desktop\India's Daughter - Video Dailymotion.flv
2015-03-07 16:55 - 2015-03-07 16:55 - 00000693 _____ () C:\Users\Chamakura\Desktop\hard disk - Shortcut.lnk
2015-03-06 23:29 - 2015-03-19 22:49 - 00000000 ____D () C:\Users\Chamakura\Desktop\after 6.3.15
2015-03-06 07:59 - 2015-03-06 07:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-04 21:59 - 2015-03-04 21:59 - 00003086 _____ () C:\Windows\System32\Tasks\{286B525D-E418-4F60-850E-A02F1BC9F4EF}
2015-03-04 15:08 - 2015-03-04 15:08 - 00000000 ____H () C:\Users\Chamakura\Documents\Default.rdp
2015-03-02 15:09 - 2015-03-02 15:19 - 00000000 ____D () C:\Users\Chamakura\Desktop\CardRecovery.6.10.build.1210
2015-02-28 16:21 - 2015-02-28 16:21 - 00306619 _____ () C:\Users\Chamakura\Desktop\bookmarks.html
2015-02-19 12:31 - 2015-01-13 08:40 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-19 12:31 - 2015-01-13 08:19 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-19 12:30 - 2015-01-15 13:44 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-19 12:30 - 2015-01-15 13:44 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-19 12:30 - 2015-01-15 13:39 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-19 12:30 - 2015-01-15 13:39 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-19 12:30 - 2015-01-15 13:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-19 12:30 - 2015-01-15 13:39 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-19 12:30 - 2015-01-15 13:39 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-19 12:30 - 2015-01-15 13:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-19 12:30 - 2015-01-15 13:36 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-19 12:30 - 2015-01-15 13:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-19 12:30 - 2015-01-15 13:34 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-19 12:30 - 2015-01-15 13:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-19 12:30 - 2015-01-15 13:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-19 12:30 - 2015-01-15 13:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-19 12:30 - 2015-01-15 13:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-19 12:30 - 2015-01-15 13:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-19 12:30 - 2015-01-15 13:07 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-19 12:30 - 2015-01-15 09:52 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-19 12:30 - 2014-12-08 08:39 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-19 12:30 - 2014-12-08 08:16 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-19 12:29 - 2015-01-09 07:33 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-19 12:28 - 2015-01-14 11:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-19 12:28 - 2015-01-14 10:39 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-19 12:28 - 2015-01-12 08:39 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-19 12:28 - 2015-01-12 08:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-19 12:28 - 2015-01-12 08:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-19 12:28 - 2015-01-12 08:19 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-19 12:28 - 2015-01-12 08:18 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-19 12:28 - 2015-01-12 08:18 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-19 12:28 - 2015-01-12 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-19 12:28 - 2015-01-12 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-19 12:28 - 2015-01-12 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-19 12:28 - 2015-01-12 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-19 12:28 - 2015-01-12 08:06 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-19 12:28 - 2015-01-12 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-19 12:28 - 2015-01-12 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-19 12:28 - 2015-01-12 08:03 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-19 12:28 - 2015-01-12 08:02 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-19 12:28 - 2015-01-12 07:55 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-19 12:28 - 2015-01-12 07:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-19 12:28 - 2015-01-12 07:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-19 12:28 - 2015-01-12 07:51 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-19 12:28 - 2015-01-12 07:43 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-19 12:28 - 2015-01-12 07:38 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-19 12:28 - 2015-01-12 07:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-19 12:28 - 2015-01-12 07:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-19 12:28 - 2015-01-12 07:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-19 12:28 - 2015-01-12 07:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-19 12:28 - 2015-01-12 07:35 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-19 12:28 - 2015-01-12 07:34 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-19 12:28 - 2015-01-12 07:32 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-19 12:28 - 2015-01-12 07:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-19 12:28 - 2015-01-12 07:29 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-19 12:28 - 2015-01-12 07:27 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-19 12:28 - 2015-01-12 07:25 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-19 12:28 - 2015-01-12 07:25 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-19 12:28 - 2015-01-12 07:18 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-19 12:28 - 2015-01-12 07:18 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-19 12:28 - 2015-01-12 07:16 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-19 12:28 - 2015-01-12 07:16 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-19 12:28 - 2015-01-12 07:15 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-19 12:28 - 2015-01-12 07:13 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-19 12:28 - 2015-01-12 07:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-19 12:28 - 2015-01-12 07:06 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-19 12:28 - 2015-01-12 07:05 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-19 12:28 - 2015-01-12 07:03 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-19 12:28 - 2015-01-12 06:59 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-19 12:28 - 2015-01-12 06:57 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-19 12:28 - 2015-01-12 06:53 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-19 12:28 - 2015-01-12 06:53 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-19 12:28 - 2015-01-12 06:52 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-19 12:28 - 2015-01-12 06:44 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-19 12:28 - 2015-01-12 06:44 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-19 12:28 - 2015-01-12 06:32 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-19 12:28 - 2015-01-12 06:30 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-19 12:28 - 2015-01-12 06:26 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-19 12:28 - 2015-01-12 06:25 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-19 12:18 - 2015-01-10 12:18 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-19 12:18 - 2015-01-10 12:18 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-19 12:18 - 2015-01-10 12:18 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-19 12:18 - 2015-01-10 12:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-19 12:18 - 2015-01-10 12:18 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-19 12:18 - 2015-01-10 12:18 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-19 12:18 - 2015-01-10 12:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-19 12:18 - 2015-01-10 11:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-19 12:18 - 2015-01-10 11:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-19 12:18 - 2015-01-10 11:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-19 12:18 - 2015-01-10 11:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-19 12:18 - 2015-01-10 11:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-19 12:18 - 2015-01-10 11:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-19 12:18 - 2015-01-10 11:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-19 12:15 - 2015-01-14 11:39 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-19 12:15 - 2015-01-14 11:35 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-19 12:15 - 2015-01-14 11:35 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-19 12:15 - 2015-01-14 11:34 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-19 12:15 - 2015-01-14 11:14 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-19 12:15 - 2015-01-14 11:14 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-19 12:15 - 2015-01-14 11:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-19 09:19 - 2015-02-19 09:19 - 00280272 _____ () C:\Windows\Minidump\021915-16099-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 10:52 - 2014-09-09 09:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-20 10:52 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-20 10:52 - 2009-07-14 10:21 - 00065892 _____ () C:\Windows\setupact.log
2015-03-20 10:51 - 2014-07-24 20:46 - 01457387 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 10:51 - 2009-07-14 10:15 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 10:51 - 2009-07-14 10:15 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 10:49 - 2014-08-12 22:16 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718548913-3595093036-601815092-1000UA.job
2015-03-20 10:46 - 2010-11-21 09:17 - 00239606 _____ () C:\Windows\PFRO.log
2015-03-20 10:44 - 2009-07-14 08:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-20 10:43 - 2014-08-08 19:30 - 00000000 ____D () C:\Users\Chamakura\AppData\Local\Adobe
2015-03-20 10:43 - 2014-07-24 20:45 - 00000000 ____D () C:\Users\Chamakura
2015-03-20 10:36 - 2014-08-20 16:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 10:24 - 2014-09-09 09:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 09:13 - 2009-07-14 10:43 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 05:25 - 2011-06-19 08:54 - 00001823 _____ () C:\Users\Chamakura\Desktop\exe_fix_w7.reg
2015-03-20 04:38 - 2014-08-25 15:22 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-20 04:38 - 2014-08-25 12:40 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-20 03:59 - 2008-12-04 15:14 - 03051520 _____ (Debashis Maitra) C:\Users\Chamakura\Desktop\Regain Power.exe
2015-03-20 03:00 - 2014-07-29 09:59 - 00000000 ____D () C:\Users\Chamakura\AppData\Roaming\Nitro PDF
2015-03-19 12:50 - 2014-07-29 17:02 - 00000000 ____D () C:\Users\Chamakura\AppData\Roaming\vlc
2015-03-18 19:49 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-18 16:28 - 2014-08-12 22:16 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718548913-3595093036-601815092-1000Core.job
2015-03-14 22:32 - 2014-08-02 23:16 - 00000000 ____D () C:\Users\Chamakura\AppData\Roaming\DMCache
2015-03-14 20:04 - 2014-07-29 10:24 - 00000000 ___RD () C:\Users\Chamakura\Desktop\All short cuts
2015-03-14 07:23 - 2014-08-02 23:16 - 00000000 ____D () C:\Users\Chamakura\Downloads\Video
2015-03-13 21:36 - 2014-12-20 07:02 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-03-13 21:36 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\registration
2015-03-13 10:29 - 2014-12-22 14:07 - 00000000 ____D () C:\Windows\Minidump
2015-03-13 10:28 - 2014-12-22 14:07 - 267475580 _____ () C:\Windows\MEMORY.DMP
2015-03-10 23:04 - 2014-09-30 22:37 - 00000000 ____D () C:\Users\Chamakura\AppData\Roaming\Skype
2015-03-07 06:32 - 2014-07-26 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-04 21:59 - 2014-09-30 22:37 - 00000000 ____D () C:\ProgramData\Skype
2015-02-19 22:48 - 2015-02-13 23:53 - 00000000 ___SD () C:\Users\Chamakura\Documents\My Data Sources
2015-02-19 22:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\AppCompat
2015-02-19 16:20 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\rescache
2015-02-19 15:13 - 2009-07-14 10:15 - 00413152 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-19 14:38 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-19 12:57 - 2014-07-29 09:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-19 12:55 - 2014-09-26 16:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-19 12:49 - 2014-09-26 16:06 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 14:18

==================== End Of Log ============================

 

Any help would be greatly appreciated! Thanks :)

I am not able to upload addition.txt. I get an "Upload Skipped (Error IO)" error. What should I do? I have posted it on Pastebin, if that is fine?

http://pastebin.com/SkiZhdeu

Edited by rockyrocks1, 20 March 2015 - 01:13 AM.



#2 HelpBot

Posted 25 March 2015 - 01:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/570701 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rockyrocks1

Posted 28 March 2015 - 03:51 AM

Hi, I tried to format the computer but after I did it and then used an old pen drive all of it again came up! Malwarebytes and AVG did detect and said they removed it but I can still see $Recycle.Bin and rest of the files. I am on Windows Ultimate 64bit.

 

Here are the new logs:

__________________________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by CAR (administrator) on CARSPC on 28-03-2015 14:14:17
Running from C:\Users\CAR\Downloads\Programs
Loaded Profiles: CAR (Available profiles: CAR)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Tonec Inc.) D:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Tonec Inc.) D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Don HO don.h@free.fr) G:\Roopu\npp.6.6.9.bin\notepad++.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7520768 2015-03-20] (Dell Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2378097660-3094109273-3362168154-1000\...\Run: [] => [X]
HKU\S-1-5-21-2378097660-3094109273-3362168154-1000\...\Run: [IDMan] => D:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-03-02] (Tonec Inc.)
HKU\S-1-5-21-2378097660-3094109273-3362168154-1000\...\RunOnce: [Adobe Speed Launcher] => 1427531566
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2378097660-3094109273-3362168154-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\CAR\AppData\Roaming\Mozilla\Firefox\Profiles\h3mawevn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-24] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> D:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: Adobe Reader -> D:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\CAR\AppData\Roaming\Mozilla\Firefox\Profiles\h3mawevn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-22]
FF HKU\S-1-5-21-2378097660-3094109273-3362168154-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\CAR\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\CAR\AppData\Roaming\IDM\idmmzcc5 [2015-03-26]
FF HKU\S-1-5-21-2378097660-3094109273-3362168154-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\CAR\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-17]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1508656 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2015-03-20] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [58136 2014-12-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-01-16] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2015-03-20] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 14:13 - 2015-03-28 14:14 - 00000000 ____D () C:\FRST
2015-03-26 22:58 - 2015-03-26 22:58 - 00394826 _____ () C:\Users\CAR\Desktop\com_osmap_free_3.0.1.zip
2015-03-26 22:19 - 2015-03-26 22:21 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\IDM
2015-03-26 22:19 - 2015-03-26 22:19 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-26 22:19 - 2015-03-26 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-26 22:16 - 2015-03-28 04:40 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\DMCache
2015-03-26 22:16 - 2015-03-26 23:32 - 00000000 ____D () C:\Users\CAR\Downloads\Video
2015-03-26 22:16 - 2015-03-26 22:58 - 00000000 ____D () C:\Users\CAR\Downloads\Compressed
2015-03-26 22:16 - 2015-03-26 22:16 - 00000000 ____D () C:\ProgramData\IDM
2015-03-26 22:15 - 2015-03-19 15:21 - 06218392 _____ (Tonec Inc.) C:\Users\CAR\Desktop\idman623build7.exe
2015-03-26 22:15 - 2015-03-05 10:44 - 01668254 _____ () C:\Users\CAR\Desktop\IDMan.exe.6.23.3-MUFTAKiS.zip
2015-03-26 20:50 - 2015-03-26 20:50 - 00000000 ____D () C:\Users\CAR\Desktop\New folder
2015-03-26 20:40 - 2015-03-26 20:40 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-03-24 19:53 - 2015-03-24 19:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-03-22 19:43 - 2015-03-22 19:43 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-03-22 19:41 - 2015-03-22 19:41 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-03-22 19:41 - 2015-03-22 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-22 19:41 - 2015-03-22 19:41 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-22 19:40 - 2015-03-22 19:40 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-22 19:39 - 2015-03-22 19:39 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-22 19:39 - 2015-03-22 19:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-22 19:38 - 2015-03-22 19:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-22 19:38 - 2015-03-22 19:40 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-22 19:38 - 2015-03-22 19:38 - 00000000 __RHD () C:\MSOCache
2015-03-22 19:38 - 2015-03-22 19:38 - 00000000 ____D () C:\Users\CAR\AppData\Local\Microsoft Help
2015-03-22 19:38 - 2015-03-22 19:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-22 19:36 - 2015-03-22 19:37 - 00000000 ____D () C:\Users\CAR\Desktop\x64
2015-03-22 18:12 - 2015-03-22 18:12 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\Nokia Suite
2015-03-22 18:12 - 2015-03-22 18:12 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\Nokia
2015-03-22 17:57 - 2015-03-22 20:57 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\Nitro PDF
2015-03-22 17:53 - 2015-03-22 17:53 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\Nitro
2015-03-22 17:50 - 2015-03-22 17:50 - 00041778 _____ () C:\Users\CAR\Desktop\Admission into United States. Procedures at Port of Entry, Customs and I-94.htm
2015-03-22 17:50 - 2015-03-22 17:50 - 00001733 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2015-03-22 17:50 - 2015-03-22 17:50 - 00000000 ____D () C:\Users\CAR\Desktop\Admission into United States. Procedures at Port of Entry, Customs and I-94_files
2015-03-22 17:50 - 2013-11-12 20:08 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon9.dll
2015-03-22 17:50 - 2013-11-12 20:08 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui9.dll
2015-03-22 17:49 - 2015-03-22 17:49 - 00002531 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2015-03-22 17:49 - 2015-03-22 17:49 - 00000000 ____D () C:\ProgramData\Nitro
2015-03-22 17:49 - 2015-03-22 17:49 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2015-03-22 17:46 - 2015-03-22 17:46 - 00000000 ____D () C:\Users\CAR\Desktop\Nitro_Pro_9.0.4.5.rar
2015-03-22 17:46 - 2015-03-22 17:46 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\Downloaded Installations
2015-03-22 17:46 - 2013-11-14 06:31 - 00000000 ____D () C:\Users\CAR\Desktop\Nitro_Pro_9.0.4.5
2015-03-22 17:45 - 2014-04-10 02:16 - 122890782 _____ () C:\Users\CAR\Desktop\Nitro_Pro_9.0.4.5.rar.rar
2015-03-22 15:56 - 2015-03-22 15:56 - 00000000 ____D () C:\Users\CAR\Documents\Nokia Suite
2015-03-22 15:49 - 2015-03-22 15:49 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2015-03-22 15:42 - 2015-03-22 15:55 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\PC Suite
2015-03-22 15:41 - 2015-03-22 15:49 - 00000000 ____D () C:\ProgramData\PC Suite
2015-03-22 15:41 - 2015-03-22 15:41 - 00002089 _____ () C:\Users\Public\Desktop\Nokia Suite.lnk
2015-03-22 15:41 - 2015-03-22 15:41 - 00000000 ____D () C:\ProgramData\Nokia
2015-03-22 15:41 - 2015-03-22 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2015-03-22 15:40 - 2015-03-22 15:40 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution
2015-03-22 15:38 - 2015-03-22 15:41 - 00000000 ____D () C:\Program Files (x86)\Nokia
2015-03-22 15:38 - 2015-03-22 15:38 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2015-03-22 15:38 - 2015-03-05 02:52 - 106320648 _____ () C:\Users\CAR\Desktop\Nokia_Suite_webinstaller_ALL.exe
2015-03-22 15:32 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys
2015-03-22 15:31 - 2015-03-22 15:31 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-22 15:29 - 2013-01-23 10:31 - 00057856 _____ (Nokia) C:\Windows\system32\nmwcdclsX64.dll
2015-03-22 15:27 - 2015-03-22 15:27 - 00000000 ____D () C:\Users\CAR\AppData\Local\NokiaAccount
2015-03-22 15:26 - 2015-03-22 15:44 - 00000000 ____D () C:\Users\CAR\AppData\Local\Nokia
2015-03-22 10:49 - 2015-03-22 10:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-22 10:49 - 2015-03-22 10:49 - 00001764 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-03-22 10:47 - 2015-03-22 10:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-22 02:45 - 2015-03-22 02:56 - 137956376 _____ (Dell Inc.) C:\Users\CAR\Downloads\Video_Driver_XGPWM_WN_9.17.10.3040_A12.EXE
2015-03-22 01:42 - 2015-03-28 14:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-22 01:42 - 2015-03-22 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-22 01:42 - 2015-03-22 01:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-22 01:42 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-22 01:42 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-22 01:42 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-22 01:41 - 2015-03-22 01:41 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\WinRAR
2015-03-22 01:41 - 2015-03-18 01:37 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\CAR\Downloads\mbam-setup-consumer-2.1.4.1018.exe
2015-03-22 01:41 - 2015-03-13 07:15 - 00001283 _____ () C:\Users\CAR\Downloads\KEY.txt
2015-03-22 01:37 - 2015-03-22 01:37 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-22 01:37 - 2015-03-22 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-22 01:34 - 2015-03-22 01:35 - 21840641 _____ () C:\Users\CAR\Downloads\MAM PV2141018.rar
2015-03-22 01:22 - 2015-03-22 10:53 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\Adobe
2015-03-22 01:22 - 2015-03-22 01:22 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\Macromedia
2015-03-22 01:22 - 2015-03-22 01:22 - 00000000 ____D () C:\Users\CAR\AppData\Local\Macromedia
2015-03-22 01:12 - 2015-03-22 01:12 - 00000000 ____D () C:\Users\CAR\Desktop\PD
2015-03-22 01:08 - 2014-01-25 02:14 - 01763268 ____R () C:\Users\CAR\Desktop\Windows 7 ACTIVATION.zip
2015-03-21 09:22 - 2015-03-24 05:18 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-21 09:22 - 2015-03-24 05:18 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-21 09:22 - 2015-03-21 09:22 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-03-21 09:22 - 2015-03-21 09:22 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-21 09:13 - 2015-03-24 05:18 - 00000000 ____D () C:\Users\CAR\AppData\Local\Adobe
2015-03-21 09:04 - 2015-03-21 09:04 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-03-21 09:04 - 2015-03-21 09:04 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-03-21 08:40 - 2015-03-20 19:21 - 00000000 ____D () C:\Windows\Panther
2015-03-21 08:14 - 2015-03-21 08:14 - 01760040 _____ () C:\Users\CAR\Downloads\wrar521.exe
2015-03-21 08:05 - 2015-03-21 08:12 - 28509232 _____ () C:\Users\CAR\Downloads\vlc-2.2.0-win32.exe
2015-03-21 07:46 - 2015-03-21 08:03 - 75858112 _____ (Adobe Systems Incorporated) C:\Users\CAR\Downloads\AdbeRdr11010_en_US.exe
2015-03-21 07:46 - 2015-03-21 07:46 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-03-21 07:45 - 2015-03-21 07:45 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-03-21 07:45 - 2015-03-21 07:45 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-03-21 07:44 - 2015-03-21 07:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-03-21 07:42 - 2015-03-28 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 07:42 - 2015-03-21 07:42 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-21 07:42 - 2015-03-21 07:42 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-21 07:42 - 2015-03-21 07:42 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\Mozilla
2015-03-21 07:42 - 2015-03-21 07:42 - 00000000 ____D () C:\Users\CAR\AppData\Local\Mozilla
2015-03-21 07:36 - 2015-03-21 07:41 - 40966232 _____ () C:\Users\CAR\Desktop\Firefox Setup 37.0b6.exe
2015-03-20 21:40 - 2015-03-20 21:41 - 00000123 _____ () C:\Users\CAR\Desktop\AVG IS 2015 Serials.txt
2015-03-20 21:40 - 2015-03-20 21:40 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\AVG2015
2015-03-20 21:39 - 2015-03-28 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-20 21:39 - 2015-03-20 21:39 - 00000000 ____D () C:\Users\CAR\AppData\Roaming\TuneUp Software
2015-03-20 21:38 - 2015-03-22 15:37 - 00000000 ____D () C:\ProgramData\AVG2015
2015-03-20 21:38 - 2015-03-20 21:38 - 00000000 ___HD () C:\$AVG
2015-03-20 21:38 - 2015-03-20 21:38 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-03-20 21:36 - 2015-03-21 07:16 - 00000000 ____D () C:\Users\CAR\AppData\Local\Avg2015
2015-03-20 21:33 - 2015-03-20 21:36 - 182043248 _____ (AVG Technologies) C:\Users\CAR\Desktop\avg_isct_x64_all_2015_5557a8402.exe
2015-03-20 19:51 - 2015-03-28 14:08 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-20 19:51 - 2015-03-20 19:51 - 00000000 ____D () C:\Users\CAR\AppData\Local\MFAData
2015-03-20 19:51 - 2015-03-20 19:51 - 00000000 ____D () C:\Users\CAR\AppData\Local\Avg2014
2015-03-20 19:45 - 2015-03-20 19:45 - 00772430 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-20 19:41 - 2015-03-20 19:41 - 00000000 ____D () C:\Users\CAR\Documents\Bluetooth Exchange Folder
2015-03-20 19:41 - 2015-03-20 19:41 - 00000000 ____D () C:\Users\CAR\AppData\Local\Broadcom
2015-03-20 19:41 - 2015-03-20 19:36 - 00598328 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2015-03-20 19:40 - 2015-03-22 15:32 - 00000000 ____D () C:\Program Files\DIFX
2015-03-20 19:40 - 2015-03-20 19:40 - 00000000 ____D () C:\Program Files\WIDCOMM
2015-03-20 19:40 - 2015-03-20 19:36 - 00210984 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2015-03-20 19:40 - 2015-03-20 19:36 - 00184144 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2015-03-20 19:40 - 2015-03-20 19:36 - 00165688 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2015-03-20 19:40 - 2015-03-20 19:36 - 00049611 _____ () C:\Windows\system32\Drivers\BCM43142A0_001.001.011.0084.0086.hex
2015-03-20 19:40 - 2015-03-20 19:36 - 00039976 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2015-03-20 19:40 - 2015-03-20 19:36 - 00021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2015-03-20 19:39 - 2015-03-22 15:41 - 00039146 _____ () C:\Windows\DPINST.LOG
2015-03-20 19:39 - 2015-03-20 19:47 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-20 19:39 - 2015-03-20 19:39 - 00057560 _____ () C:\Users\CAR\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-20 19:39 - 2015-03-20 19:39 - 00000000 ____D () C:\Program Files\Dell
2015-03-20 19:39 - 2015-03-20 19:36 - 05443648 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS
2015-03-20 19:39 - 2015-03-20 19:36 - 04996096 _____ (Dell Inc.) C:\Windows\system32\bcmttls.dll
2015-03-20 19:39 - 2015-03-20 19:36 - 04961800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcredist_x64.exe
2015-03-20 19:39 - 2015-03-20 19:36 - 04378624 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2015-03-20 19:39 - 2015-03-20 19:36 - 03654656 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2015-03-20 19:39 - 2015-03-20 19:36 - 03161088 _____ (Microsoft Corporation) C:\Windows\system32\vcredist_x64.exe
2015-03-20 19:39 - 2015-03-20 19:36 - 01135104 _____ (Dell Inc.) C:\Windows\system32\BCMLogon.dll
2015-03-20 19:39 - 2015-03-20 19:36 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2015-03-20 19:39 - 2015-03-20 19:36 - 00073728 _____ (Broadcom Corporation) C:\Windows\system32\wltrynt.dll
2015-03-20 19:39 - 2015-03-20 19:36 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2015-03-20 19:39 - 2015-03-20 19:36 - 00022632 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcm42rly.sys
2015-03-20 19:39 - 2015-03-20 19:36 - 00006656 _____ () C:\Windows\system32\bcmwlrc.dll
2015-03-20 19:39 - 2015-03-20 19:36 - 00000446 _____ () C:\Windows\SysWOW64\vcredist_x64.bat
2015-03-20 19:39 - 2015-03-20 19:36 - 00000445 _____ () C:\Windows\system32\vcredist_x64.bat
2015-03-20 19:37 - 2015-03-20 19:36 - 00021568 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmvwl64.sys
2015-03-20 19:35 - 2015-03-20 19:35 - 00000000 ____D () C:\ProgramData\Dell
2015-03-20 19:34 - 2015-03-20 19:34 - 00015336 _____ () C:\Windows\system32\results.xml
2015-03-20 19:33 - 2015-03-20 19:33 - 00000000 ____D () C:\ProgramData\Intel
2015-03-20 19:33 - 2015-03-20 19:33 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-03-20 19:33 - 2015-03-20 19:33 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-20 19:33 - 2012-08-23 16:08 - 00056832 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2015-03-20 19:33 - 2012-08-23 16:08 - 00056320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2015-03-20 19:31 - 2015-03-20 19:33 - 00000000 ____D () C:\Intel
2015-03-20 19:28 - 2015-03-20 19:28 - 00000000 ____D () C:\Dell
2015-03-20 19:28 - 2012-08-24 19:54 - 05899072 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-03-20 19:28 - 2012-08-24 19:54 - 00509248 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-03-20 19:28 - 2012-08-24 19:54 - 00441152 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-03-20 19:28 - 2012-08-24 19:54 - 00398656 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-03-20 19:28 - 2012-08-24 19:54 - 00276288 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-03-20 19:28 - 2012-08-24 19:54 - 00251712 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-03-20 19:28 - 2012-08-24 19:54 - 00170304 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-03-20 19:28 - 2012-08-24 19:53 - 00184640 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-03-20 19:28 - 2012-08-23 16:08 - 09007616 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 01981696 _____ () C:\Windows\system32\iglhxa64.cpa
2015-03-20 19:28 - 2012-08-23 16:08 - 00598780 _____ () C:\Windows\SysWOW64\igvpkrng700.bin
2015-03-20 19:28 - 2012-08-23 16:08 - 00598780 _____ () C:\Windows\system32\igvpkrng700.bin
2015-03-20 19:28 - 2012-08-23 16:08 - 00524800 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 00519680 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 00440320 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00432128 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00431104 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00429056 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00410624 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-03-20 19:28 - 2012-08-23 16:08 - 00241664 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 00216064 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 00195584 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 00180224 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 00116224 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2843.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 00063488 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 00059425 _____ () C:\Windows\system32\iglhxo64.vp
2015-03-20 19:28 - 2012-08-23 16:08 - 00059398 _____ () C:\Windows\system32\iglhxg64.vp
2015-03-20 19:28 - 2012-08-23 16:08 - 00059230 _____ () C:\Windows\system32\iglhxc64.vp
2015-03-20 19:28 - 2012-08-23 16:08 - 00059104 _____ () C:\Windows\system32\iglhxc64_dev.vp
2015-03-20 19:28 - 2012-08-23 16:08 - 00058796 _____ () C:\Windows\system32\iglhxg64_dev.vp
2015-03-20 19:28 - 2012-08-23 16:08 - 00058109 _____ () C:\Windows\system32\iglhxo64_dev.vp
2015-03-20 19:28 - 2012-08-23 16:08 - 00056832 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 00056320 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2015-03-20 19:28 - 2012-08-23 16:08 - 00017026 _____ () C:\Windows\system32\iglhxs64.vp
2015-03-20 19:28 - 2012-08-23 16:08 - 00001074 _____ () C:\Windows\system32\iglhxa64.vp
2015-03-20 19:28 - 2012-08-23 16:07 - 27662848 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 27641856 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 27435520 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 21816320 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 12833280 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 12601856 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 11591168 _____ (Intel Corporation) C:\Windows\system32\ig7icd64.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 11155968 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 11038208 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 09000256 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-03-20 19:28 - 2012-08-23 16:07 - 08576000 _____ (Intel Corporation) C:\Windows\SysWOW64\ig7icd32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 04571136 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 03776512 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 03582976 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 02899968 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00755048 _____ () C:\Windows\SysWOW64\igcodeckrng700.bin
2015-03-20 19:28 - 2012-08-23 16:07 - 00755048 _____ () C:\Windows\system32\igcodeckrng700.bin
2015-03-20 19:28 - 2012-08-23 16:07 - 00604160 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00501760 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00482304 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00448512 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00441856 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-03-20 19:28 - 2012-08-23 16:07 - 00428544 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-03-20 19:28 - 2012-08-23 16:07 - 00386048 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00330240 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00223233 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00209727 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00193862 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00173568 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00165865 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00163120 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00158727 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00149390 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00147759 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00147101 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00147010 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00145715 _____ () C:\Windows\system32\Gfxres.ro-RO.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00145211 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00144378 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00143976 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00143730 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00143657 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00142990 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00142617 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00142423 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00142008 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00141739 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00141574 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00140779 _____ () C:\Windows\system32\Gfxres.hr-HR.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00137621 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00137534 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00136873 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00132360 _____ () C:\Windows\system32\Gfxres.en-US.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-03-20 19:28 - 2012-08-23 16:07 - 00126035 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00124403 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2015-03-20 19:28 - 2012-08-23 16:07 - 00110592 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00080384 _____ () C:\Windows\system32\igdde64.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00064512 _____ () C:\Windows\SysWOW64\igdde32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00028672 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-03-20 19:28 - 2012-08-23 16:07 - 00009728 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-03-20 19:28 - 2012-06-19 07:40 - 00342528 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2015-03-20 19:28 - 2012-06-19 07:40 - 00016896 _____ (Intel® Corporation) C:\Windows\system32\IntcDAuC.dll
2015-03-20 19:21 - 2015-03-28 14:05 - 00065960 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 19:21 - 2015-03-20 19:21 - 00001447 _____ () C:\Users\CAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-20 19:21 - 2015-03-20 19:21 - 00001413 _____ () C:\Users\CAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-03-20 19:21 - 2015-03-20 19:21 - 00000020 ___SH () C:\Users\CAR\ntuser.ini
2015-03-20 19:21 - 2015-03-20 19:21 - 00000000 __SHD () C:\Recovery
2015-03-20 19:21 - 2015-03-20 19:21 - 00000000 ____D () C:\Users\CAR\AppData\Local\VirtualStore
2015-03-20 19:21 - 2015-03-20 19:21 - 00000000 ____D () C:\Users\CAR
2015-03-20 19:21 - 2009-07-14 10:24 - 00000000 ___RD () C:\Users\CAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-20 19:21 - 2009-07-14 10:19 - 00000000 ___RD () C:\Users\CAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-17 18:38 - 2015-03-17 18:23 - 00189912 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 14:09 - 2009-07-14 10:15 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 14:09 - 2009-07-14 10:15 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 14:06 - 2009-07-14 10:43 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-28 14:02 - 2010-11-21 09:17 - 00007808 _____ () C:\Windows\PFRO.log
2015-03-28 14:02 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 14:02 - 2009-07-14 10:21 - 00036093 _____ () C:\Windows\setupact.log
2015-03-26 20:36 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-24 04:56 - 2009-07-14 10:15 - 00283200 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-22 19:40 - 2009-07-14 08:50 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-22 19:39 - 2010-11-21 12:46 - 00000000 ____D () C:\Windows\ShellNew
2015-03-21 08:40 - 2009-07-14 11:08 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-03-21 08:40 - 2009-07-14 11:02 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-03-21 07:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\rescache
2015-03-21 07:46 - 2009-07-14 11:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 07:45 - 2009-07-14 10:16 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-03-21 07:45 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\sysprep
2015-03-21 07:43 - 2010-11-21 12:46 - 00000000 ____D () C:\Windows\CSC
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\th-TH
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\he-IL
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\et-EE
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-03-20 19:48 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\Help
2015-03-20 19:41 - 2009-07-14 08:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-20 19:40 - 2009-07-14 11:02 - 00000000 ____D () C:\Windows\system32\restore

Some content of TEMP:
====================
C:\Users\CAR\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 21:49

==================== End Of Log ============================

 

Hopefully there is a solution!!

 

Thanks :)


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,524 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:03 PM

Posted 28 March 2015 - 10:29 AM

Greetings rockyrocks1 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. EmieBrowser is legitimate and nothing to be concerned with.

Please run the below for me.

===================================================

Repairing a Corrupted Recycle Bin

----------
  • Click Start and type cmd in the Search box.
  • Right click on cmd above and select Run As Administrator
  • Type the following after the command prompt then press Enter

rd /s /q C:\$Recycle.bin

  • Type Exit then press Enter
  • Reboot your computer
  • Check the Recycle Bin
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 rockyrocks1


Posted 28 March 2015 - 11:49 AM

Hey Gary,

 

Thanks for the reply and the advice. You can call me Rocky!

 

I did what you asked me to and I can still see the folder after restart.

 

I can also see various shortcuts in "C:/Users/CAR". These shortcuts are hidden, as well, like $Recycle.Bin and include shortcuts to Application Data, Cookies, Local Settings, My Documents, NetHood etc. And similar files can be seen in "C:\Users\CAR\AppData\Local" too.

 

What Malwarebytes had found before my second post was something like this:

 

Hacktool.Agent, C:\$Recycle.Bin\S-1-5-21-2378097660-3094109273-3362168154-1000\$RY1NVWX.exe, Quarantined, [fb232b1fcdbde74fb4ba81f5cc3549b7],

AVG also found something wrong with the same folder and I clicked on "Protect Me" for that as well.

 

Thanks again! :)


Edited by rockyrocks1, 28 March 2015 - 02:07 PM.


#6 Oh My!


Posted 29 March 2015 - 09:19 AM

Hi Rocky.

Sorry for the delay in responding.

You are supposed to have the $Recycle.Bin folder. Windows will automatically create it if it is not present. I misunderstood, thinking there were files inside the folder you couldn't delete.

The shortcuts you mention are supposed to be there as well.
 

What Malwarebytes had found before my second post was something like this:

Hacktool.Agent, C:\$Recycle.Bin\S-1-5-21-2378097660-3094109273-3362168154-1000\$RY1NVWX.exe, Quarantined, [fb232b1fcdbde74fb4ba81f5cc3549b7],

This is related to illegal software and its intent is to activate a program without a valid Product Key. Very often these downloaded files are the means by which malicious software is introduced into a system.

Please run these.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 rockyrocks1


Posted 29 March 2015 - 09:09 PM

Hi Gary thank you for the reply.

 

Is the $Recycle.Bin folder visible in the rest of the drives as well? Because I see it now in one of my other drives as well. Though ever since the format I don't see the EmieBrowser files anywhere.

 

The Eset scan showed up nothing and screen317's log is below:

 Results of screen317's Security Check version 0.99.99  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Internet Security 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 17.0.0.134  
 Adobe Reader XI  
 Mozilla Firefox (37.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````
 

_________________________________________

 

Do you think I am just being paranoid!!? haha . I hate viruses because I take extreme precaution while working/browsing!

 

Thanks for the detailed help :)



#8 Oh My!


Posted 29 March 2015 - 09:33 PM

Hi Rocky,

How about we just say you are being super cautious :).

The $Recycle.Bin is normal.

Regarding the EmieBrowser files. That is a function in Internet Explorer 11 which allows for backwards compatibility with web pages and applications designed for older browsers. By design this compatibility function is turned off, hence the reason you are not seeing it now. Though I am not certain of this, it seems reasonable to assume at some point prior to the reformat a pop up came up on an IE page asking whether or not to utilize the compatibility function. Allowing that would enable the function thus creating the files.

Was the ESET scan clean? The other report looks good.
Gary
 

#9 rockyrocks1


Posted 31 March 2015 - 10:00 AM

Hey Gary,

 

Sorry for the delay. Yes, the ESET scan was clean, no file showed up after the scan was complete.

 

One last thing, does each of the drives have a $Recycle.Bin and System Volume Information?

 

I think as per all the checks I am in the clear. So yeah please feel free to close this thread!

 

Thanks a lot for all your help, I'll keep coming back to look at what all is up at Bleeping Computer! :)



#10 Oh My!


Posted 31 March 2015 - 01:48 PM

Greetings Rocky, 

"One last thing, does each of the drives have a $Recycle.Bin and System Volume Information?"

Yes they do.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a couple of days in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#11 Oh My!


Posted 01 April 2015 - 10:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 