Browsers being hijacked


  • This topic is locked
10 replies to this topic

#1 jwhitcomb

  • Members
  • 6 posts

Posted 09 May 2015 - 08:09 AM

Browser was getting redirected when using Firefox and Chrome. I ran CCleaner, MBAM, and Spybot, but still had the problem. Came to BleepingComputer and saw that ComboFix was a popular download, downloaded it, and ran it not realizing you needed guidance with it. Problem seems to have gone away, but I would like some help making sure. The log has some programs that I am unfamiliar with. Posted on the "Am I Infected" page and was asked to post here after running FRST. Did so, and the FRST logs are attached:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by James (administrator) on MAXIMUS on 09-05-2015 08:52:06
Running from C:\Users\James\Downloads
Loaded Profiles: James & UpdatusUser (Available profiles: James & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-03-16] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKU\S-1-5-21-2362506607-1263999183-2596280161-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2362506607-1263999183-2596280161-1002\...\Run: [Fitbit Connect] => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2362506607-1263999183-2596280161-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2362506607-1263999183-2596280161-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2362506607-1263999183-2596280161-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-2362506607-1263999183-2596280161-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2362506607-1263999183-2596280161-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2362506607-1263999183-2596280161-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2362506607-1263999183-2596280161-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2362506607-1263999183-2596280161-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ml9wxw52.default
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ml9wxw52.default\Extensions\donottrackplus@abine.com [2014-11-21]
FF Extension: Adblock Plus - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ml9wxw52.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-03]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-20]
CHR Extension: (Google Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-20]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-20]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-20]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-20]
CHR Extension: (Google Sheets) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-20]
CHR Extension: (Bookmark Manager) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-04-18] (Macrovision Europe Ltd.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-04-07] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-30] (AVG Technologies)
S3 AnyDVD; System32\Drivers\AnyDVD.sys [X]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-09 08:52 - 2015-05-09 08:52 - 00017273 _____ () C:\Users\James\Downloads\FRST.txt
2015-05-09 08:51 - 2015-05-09 08:52 - 00000000 ____D () C:\FRST
2015-05-09 08:50 - 2015-05-09 08:51 - 02102784 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2015-05-08 20:51 - 2015-05-08 20:51 - 00112920 _____ () C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-08 20:33 - 2015-05-08 20:33 - 00016379 _____ () C:\ComboFix.txt
2015-05-08 20:22 - 2015-05-08 20:33 - 00000000 ____D () C:\Qoobox
2015-05-08 20:22 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-08 20:22 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-08 20:22 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-08 20:22 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-08 20:22 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-08 20:22 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-08 20:22 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-08 20:22 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-08 20:21 - 2015-05-08 20:22 - 05623215 ____R (Swearware) C:\Users\James\Downloads\ComboFix.exe
2015-05-08 20:13 - 2015-05-08 20:32 - 00000000 ____D () C:\Windows\erdnt
2015-05-08 19:53 - 2015-04-17 07:42 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-05-08 19:39 - 2015-05-08 19:41 - 00000000 ____D () C:\AdwCleaner
2015-05-08 19:36 - 2015-05-08 19:36 - 02204160 _____ () C:\Users\James\Downloads\adwcleaner_4.203.exe
2015-05-05 16:54 - 2015-05-08 19:47 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-05-03 11:33 - 2015-05-03 11:34 - 06484352 _____ (Piriform Ltd) C:\Users\James\Downloads\ccsetup505.exe
2015-05-03 00:10 - 2015-05-03 00:09 - 00450773 ____R () C:\Windows\system32\Drivers\etc\hosts.20150503-001049.backup
2015-05-02 23:25 - 2015-05-08 20:15 - 00000209 _____ () C:\Windows\wininit.ini
2015-05-01 22:31 - 2015-05-01 22:39 - 00000000 ____D () C:\Program Files (x86)\Lorem Ipsum Generator Default Text
2015-04-29 07:57 - 2015-04-29 07:57 - 00000000 ____D () C:\Windows\pss
2015-04-28 20:42 - 2015-04-28 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-04-28 20:42 - 2015-04-28 20:42 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-04-28 20:42 - 2015-04-28 20:42 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-04-28 20:41 - 2015-04-28 20:42 - 04147600 _____ ($Co_Name Inc.) C:\Users\James\Downloads\unifying250.exe
2015-04-25 14:34 - 2015-04-25 14:36 - 00000000 ____D () C:\Users\James\Desktop\james phone
2015-04-24 21:01 - 2015-04-24 21:01 - 00001673 _____ () C:\Users\James\Downloads\launch (6).ica
2015-04-24 20:57 - 2015-04-24 20:57 - 00001674 _____ () C:\Users\James\Downloads\launch (5).ica
2015-04-24 20:56 - 2015-04-24 20:56 - 00001673 _____ () C:\Users\James\Downloads\launch (4).ica
2015-04-24 20:56 - 2015-04-24 20:56 - 00001673 _____ () C:\Users\James\Downloads\launch (3).ica
2015-04-24 20:45 - 2015-04-24 20:47 - 53664128 _____ (Citrix Systems, Inc.) C:\Users\James\Downloads\citrixreceiverweb.exe
2015-04-24 20:39 - 2015-04-24 20:39 - 00001673 _____ () C:\Users\James\Downloads\launch (2).ica
2015-04-24 20:38 - 2015-04-24 20:38 - 00001674 _____ () C:\Users\James\Downloads\launch (1).ica
2015-04-24 20:37 - 2015-04-24 20:37 - 00001673 _____ () C:\Users\James\Downloads\launch.ica
2015-04-24 15:36 - 2015-04-24 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-15 13:06 - 2015-04-15 13:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-04-14 18:58 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 18:58 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 18:58 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 18:58 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 18:58 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 18:58 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 18:58 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 18:58 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 18:58 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 18:58 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 18:58 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 18:58 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 18:58 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 18:58 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 18:58 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 18:58 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 18:58 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 18:58 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 18:58 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 18:58 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 18:58 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 18:58 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 18:58 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 18:58 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 18:58 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 18:58 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 18:58 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 18:58 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 18:58 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 18:58 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 18:58 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 18:58 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 18:58 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 18:58 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 18:58 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 18:58 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 18:58 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 18:58 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 18:58 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 18:58 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 18:58 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 18:58 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 18:58 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 18:58 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 18:58 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 18:58 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 18:58 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 18:58 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 18:58 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 18:58 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 18:58 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 18:58 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 18:58 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 18:58 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 18:58 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 18:58 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 18:58 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 18:58 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 18:58 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 18:58 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 18:58 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 18:58 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 18:58 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 18:58 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 18:58 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 18:58 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 18:58 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 18:58 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 18:58 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 18:58 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 18:58 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 18:58 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 18:58 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 18:58 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 18:58 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 18:58 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 18:58 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 18:58 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 18:58 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 18:58 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 18:58 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 18:58 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 18:58 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 18:58 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 18:58 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 18:58 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 18:58 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 18:58 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 18:58 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 18:58 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 18:58 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 18:58 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 18:58 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 18:58 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 18:58 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 18:58 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 18:58 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 18:58 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 18:58 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 18:58 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 18:58 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 18:58 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 18:58 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 18:58 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 18:58 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 18:58 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 18:58 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 18:58 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 18:58 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 18:58 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 18:58 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 18:58 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 18:58 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 18:58 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 18:58 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 18:58 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 18:58 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 18:58 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 18:58 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 18:58 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 18:58 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 18:58 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 18:57 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 18:57 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 18:57 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 18:57 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 18:57 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 18:57 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 18:57 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 18:57 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 18:57 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 18:56 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 18:56 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 18:56 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 18:45 - 2015-04-14 18:45 - 00000000 ____D () C:\Users\James\AppData\Local\openvr
2015-04-09 14:11 - 2015-04-09 14:11 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-09 08:20 - 2014-01-05 18:31 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-09 08:16 - 2014-01-03 13:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-09 07:56 - 2014-01-02 22:24 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-09 07:53 - 2014-03-16 20:39 - 01741846 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 20:33 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2015-05-08 20:31 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-08 20:20 - 2014-01-05 18:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-08 20:15 - 2014-08-03 15:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-08 20:15 - 2014-08-03 15:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-08 20:08 - 2014-12-21 19:46 - 00000000 ____D () C:\Program Files\VideoLAN
2015-05-08 20:03 - 2015-01-25 20:14 - 00000000 ____D () C:\Program Files (x86)\HDSDR
2015-05-08 20:02 - 2014-12-10 21:32 - 00000000 ____D () C:\Program Files\paint.net
2015-05-08 20:01 - 2014-01-03 11:19 - 00000000 ____D () C:\Users\James\AppData\Roaming\Dropbox
2015-05-08 19:57 - 2014-02-26 19:19 - 00000000 ____D () C:\ProgramData\Skype
2015-05-08 19:54 - 2014-11-27 22:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-08 19:53 - 2014-12-21 19:24 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-08 19:51 - 2009-07-14 00:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 19:51 - 2009-07-14 00:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 19:50 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 19:48 - 2014-12-26 23:46 - 00000000 ____D () C:\Users\James\AppData\Local\Black_Tree_Gaming
2015-05-08 19:43 - 2014-01-02 22:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-08 19:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-08 19:41 - 2014-02-02 21:27 - 00000000 ____D () C:\Windows\system32\log
2015-05-08 19:25 - 2014-08-03 15:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 19:19 - 2014-01-03 14:43 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A0E8379-0585-4450-AC47-EAC78CCB1659}
2015-05-07 22:07 - 2014-01-03 13:58 - 00000000 ____D () C:\Users\James\Desktop\Keys
2015-05-07 20:28 - 2015-01-24 11:35 - 00000046 _____ () C:\Windows\TaxACT14.ini
2015-05-06 16:44 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-05 17:25 - 2014-01-03 13:51 - 00000000 ____D () C:\Users\James\Desktop\Jack
2015-05-03 18:50 - 2014-10-23 06:44 - 00001368 _____ () C:\Windows\SysWOW64\debug.log
2015-05-03 11:35 - 2014-01-02 22:32 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-03 00:10 - 2009-07-13 22:34 - 00450773 ____R () C:\Windows\system32\Drivers\etc\hosts.20150503-110339.backup
2015-05-02 23:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-30 21:16 - 2014-01-03 13:58 - 00000000 ____D () C:\Users\James\AppData\Roaming\vlc
2015-04-28 20:45 - 2014-03-31 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-23 17:13 - 2014-01-07 23:18 - 00000000 ____D () C:\Users\James\AppData\Roaming\.minecraft
2015-04-17 07:50 - 2014-01-03 16:09 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-17 07:42 - 2014-12-21 19:24 - 00191400 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-04-17 07:42 - 2014-12-21 19:24 - 00190888 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-04-17 07:42 - 2014-12-21 19:24 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-15 21:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 19:22 - 2014-01-03 13:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 19:22 - 2014-01-03 13:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 19:22 - 2014-01-03 13:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 03:25 - 2014-12-11 04:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 03:25 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 03:10 - 2014-01-03 10:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:09 - 2014-01-05 13:53 - 00773912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:07 - 2014-01-03 11:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:03 - 2014-01-03 11:26 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-09-27 17:51 - 2014-09-29 16:47 - 0003584 _____ () C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-19 22:50 - 2015-02-25 21:02 - 0000600 _____ () C:\Users\James\AppData\Local\PUTTY.RND
2014-12-10 21:25 - 2014-12-10 21:25 - 0003843 _____ () C:\Users\James\AppData\Local\recently-used.xbel
2014-08-07 00:21 - 2014-08-07 00:21 - 0000017 _____ () C:\Users\James\AppData\Local\resmon.resmoncfg
2014-07-13 22:14 - 2014-07-13 22:23 - 0000125 ___SH () C:\ProgramData\.zreglib
2014-03-16 20:35 - 2014-03-16 20:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-24 10:46 - 2014-01-25 17:29 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-18 17:21

==================== End Of Log ============================

#2 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Location: Germany

Posted 14 May 2015 - 07:02 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

Please download and install Malwarebytes Anti-Malware (new version).
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt (see screenshot).
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select the export option shown in the screenshot.
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. (Injure no one; on the contrary, help everyone as much as you can.) Arthur Schopenhauer

#3 jwhitcomb
  • Topic Starter
  • Members
  • 6 posts

Posted 14 May 2015 - 07:49 PM

Here is the AdwCleaner log:

 

# AdwCleaner v4.204 - Logfile created 14/05/2015 at 20:11:01
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : James - MAXIMUS
# Running from : C:\Users\James\Downloads\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v42.0.2311.152

[C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aapocclcgogkmnckokdopfmhonfmgoek
[C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aohghmighlieiainnegkcijnfilokake
[C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : apdfllckaahabafndbhieahigkjlhalf
[C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : felcaaldnbdncclmgdcncolpebgiejap
[C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : gmlllbghnfkpflemihljekbapjopfjik
[C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg
[C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda

*************************

AdwCleaner[R0].txt - [7122 bytes] - [08/05/2015 19:39:27]
AdwCleaner[R1].txt - [2731 bytes] - [14/05/2015 20:02:23]
AdwCleaner[R2].txt - [2790 bytes] - [14/05/2015 20:09:48]
AdwCleaner[S0].txt - [6996 bytes] - [08/05/2015 19:41:33]
AdwCleaner[S1].txt - [2743 bytes] - [14/05/2015 20:11:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2802  bytes] ##########

 

And the MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/14/2015
Scan Time: 8:26:38 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.14.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: James

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 427758
Time Elapsed: 21 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 



#4 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Location: Germany

Posted 15 May 2015 - 02:28 AM

Step 1

Temporarily disable your antivirus and anti-spyware protection - instructions here.

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    systemspecs;
    filesrcm;
    autoclean;
    shortcutfix;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.

Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the settings shown in the screenshot.
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at the path shown in the screenshot.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. (Injure no one; on the contrary, help everyone as much as you can.) Arthur Schopenhauer

#5 jwhitcomb
  • Topic Starter
  • Members
  • 6 posts

Posted 15 May 2015 - 04:10 PM

Zoek results:

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by James on Fri 05/15/2015 at 13:07:51.75.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\James\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

5/15/2015 1:08:55 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Elaborate Bytes deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\Mp3tag deleted successfully
C:\Program Files\paint.net deleted successfully
C:\Program Files\VideoLAN deleted successfully
C:\Users\James\AppData\Roaming\16263 deleted successfully
C:\Users\James\AppData\Roaming\1683 deleted successfully
C:\Users\James\AppData\Roaming\17138 deleted successfully
C:\Users\James\AppData\Roaming\28586 deleted successfully
C:\Users\James\AppData\Roaming\3633 deleted successfully
C:\Users\James\AppData\Roaming\EncryptStick deleted successfully
C:\Users\James\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\James\AppData\Local\Black_Tree_Gaming deleted successfully
C:\Users\James\AppData\Local\Razer deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ml9wxw52.default

user.js not found
---- Lines extensions.wxU4jyXGeeJWQH1p removed from prefs.js ----
user_pref("extensions.wxU4jyXGeeJWQH1p.epoch", "1430706156");
user_pref("extensions.wxU4jyXGeeJWQH1p.url", "http://starrnice.eu/sync2/?q=hfZ9ofV9CShEAen0rTaEqdgMg708BNmGWj8lkGhGheDUojw8rdkErTaGrHw9qchIC7n0rjkEqja
---- Lines extensions.xQMH7TnGgGPpJpEp removed from prefs.js ----
user_pref("extensions.xQMH7TnGgGPpJpEp.epoch", "1430706157");
user_pref("extensions.xQMH7TnGgGPpJpEp.url", "http://bloggerpixieusa.info/sync2/?q=hfZ9oemMC7n5hShEAen0rTaEqdgMg708BNmGWj8lkGhGheDUojw8rdkErTaGrHwFrGh
---- FireFox user.js and prefs.js backups ----

prefs_20150515_0119_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Elaborate Bytes not found
C:\PROGRA~2\Mp3tag not found
C:\PROGRA~2\HDSDR deleted
C:\PROGRA~2\Lorem Ipsum Generator Default Text deleted
C:\PROGRA~3\AVG Web TuneUp deleted
C:\Users\James\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\Windows\Installer\1621ffe1.msi" deleted
"C:\PROGRA~2\AVG Web TuneUp\TBAPI.dll" deleted
"C:\PROGRA~2\AVG Web TuneUp" not deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8142 MB
CPU Info: AMD FX™-6300 Six-Core Processor
CPU Speed: 3857.4 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Realtek HD Audio 2nd output (Re |
Realtek Digital Output(Optical) |
Display Adapters: ATI Radeon HD 5450 | ATI Radeon HD 5450 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: ASUS    DRW-24B1ST   i
Ports: COM1 LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  931.4GB | E:  232.9GB
Hard Disks - Free: C:  677.4GB | E:  200.5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 10/08/13 | ALASKA - 1072009
Time Zone: Eastern Standard Time
Motherboard *: MSI 970A-G46 (MS-7693)
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated)
Default Browser: Firefox    37.0.2
Internet Explorer Version: 11.0.9600.17801
Mozilla Firefox version: 37.0.2 (x86 en-US)
Google Chrome version: 42.0.2311.152
Adobe Reader version: 11.0.11.18
Sun Java version: 1.8.0_45 (32-bit)
Sun Java version: 1.8.0_45 (64-bit)
Flash Player version: 17.0.0.169

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-05-09 00:22:27    F042EE4C8D66248D9B86DCF52ABAE416    256000    ----a-w-    C:\Windows\PEV.exe
2015-05-09 00:22:27    9E05A9C264C8A908A8E79450FCBFF047    80412    ----a-w-    C:\Windows\grep.exe
2015-05-09 00:22:27    5E832F4FAF5F481F2EAF3B3A48F603B8    68096    ----a-w-    C:\Windows\zip.exe
2015-05-09 00:22:27    0297C72529807322B152F517FDB0A9FC    406528    ----a-w-    C:\Windows\SWSC.exe
2015-05-09 00:22:27    0277C027A26428DB64EF4F64F52BB4FD    208896    ----a-w-    C:\Windows\MBR.exe
====== C:\Users\James\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-05-13 07:02:05    858EB73F68B20A2A5C66B6C000D1C0DD    102608    ----a-w-    C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:18:48    418AEC0CE89A13200F2820079B9CDFD9    216064    ----a-w-    C:\Windows\SysWOW64\InkEd.dll
2015-05-12 19:18:45    D0CA74BE380498A0111A73EB9C76CF8F    342016    ----a-w-    C:\Windows\SysWOW64\certcli.dll
2015-05-12 19:18:45    2665A3D34D1C62DF303723422215B001    248832    ----a-w-    C:\Windows\SysWOW64\schannel.dll
2015-05-12 19:18:40    CFCB89C0FE8EF502A7934C0D20E5DBD6    76288    ----a-w-    C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 19:18:40    C3120D99E6DA7878A1DD2D88138AC60A    30720    ----a-w-    C:\Windows\SysWOW64\iernonce.dll
2015-05-12 19:18:40    9025CA7BCD6B7956366FC90B3D6E3933    47616    ----a-w-    C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 19:18:39    D74445161E58644309F858342F5E265C    19691008    ----a-w-    C:\Windows\SysWOW64\mshtml.dll
2015-05-12 19:18:39    C2EB0AA5570CF8BC881B36EE55A59337    688640    ----a-w-    C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 19:18:39    C1A32612710492D0C3339E46EC15E333    504320    ----a-w-    C:\Windows\SysWOW64\vbscript.dll
2015-05-12 19:18:39    AA2F2D55DEF98007839D0189D721D70B    1310208    ----a-w-    C:\Windows\SysWOW64\urlmon.dll
2015-05-12 19:18:39    8C00AB01B1BC1E2F69765776BBC5A5D1    64000    ----a-w-    C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 19:18:39    7B4FA4B41FBDBB12C5038FCB6E6652AA    285696    ----a-w-    C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 19:18:39    746BBC86351D07859D8B40056447F7B2    60416    ----a-w-    C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 19:18:39    6388FC82897DDDA607BBE3580D75AE15    342736    ----a-w-    C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 19:18:38    E993B5E929F46A52E9F4EB68A7855CDF    62464    ----a-w-    C:\Windows\SysWOW64\iesetup.dll
2015-05-12 19:18:38    C525258A00ECFB4CE089F54C163268C3    2278400    ----a-w-    C:\Windows\SysWOW64\iertutil.dll
2015-05-12 19:18:38    63A2E3E9C771B1D4D7D84942D6FCB661    710144    ----a-w-    C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 19:18:38    28313FF0DE83EAD8F5EF1B963D9078C3    2724864    ----a-w-    C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 19:18:38    136687227F11CE928CB05F4FD90319AC    2052608    ----a-w-    C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 19:18:37    F2DB87F164BC13AB8EF90FBF5D866B65    664576    ----a-w-    C:\Windows\SysWOW64\jscript.dll
2015-05-12 19:18:37    CC4974FCF9387F32A0FF87BCE093A5AD    620032    ----a-w-    C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 19:18:37    BCFA71A878903B5F92A7AFEFCCC5CA97    478208    ----a-w-    C:\Windows\SysWOW64\ieui.dll
2015-05-12 19:18:37    5AAC24BF6C4A54DA526CC6244DEBE227    418304    ----a-w-    C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 19:18:37    3CE5DE0730C22A54FE783DB8A989E8BD    47104    ----a-w-    C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 19:18:37    1BBC9CFD29A62D80FB77BB69BFF7513C    115712    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 19:18:37    0E22CD36FC3292CB812CC46CBCFD8444    12828672    ----a-w-    C:\Windows\SysWOW64\ieframe.dll
2015-05-12 19:18:36    6E2B4875B968324E5844F35A37A79260    4305920    ----a-w-    C:\Windows\SysWOW64\jscript9.dll
2015-05-12 19:18:36    1C5C5B5EF9CFDFC897D4549A2385DB3A    1155072    ----a-w-    C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 19:18:35    CB5F450D21B9D76B7F01D006E4AEDB40    1882112    ----a-w-    C:\Windows\SysWOW64\wininet.dll
2015-05-12 19:18:35    37625FC1DAF886F1980E2D8F315B93AC    168960    ----a-w-    C:\Windows\SysWOW64\msrating.dll
2015-05-12 19:18:35    07E82A31808C8BC053D1DE547082C58F    341504    ----a-w-    C:\Windows\SysWOW64\html.iec
2015-05-12 19:15:56    8D50ED3F0FBE3590AB0D43BF7B60E57A    3989440    ----a-w-    C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 19:15:56    0A66C88B087249742381924AB8F9EFCC    3934144    ----a-w-    C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 19:15:55    EB058143B57ED460AC4F2DFBA104BBFF    364544    ----a-w-    C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 19:15:55    D0F574320615303ADECDCB452EBB8930    635392    ----a-w-    C:\Windows\SysWOW64\tdh.dll
2015-05-12 19:15:55    A44680B810977EA64E280523E96F2EA9    1310744    ----a-w-    C:\Windows\SysWOW64\ntdll.dll
2015-05-12 19:15:55    7A5824DC9A85FCE4334F57FF0795853E    641536    ----a-w-    C:\Windows\SysWOW64\advapi32.dll
2015-05-12 19:15:55    54A01CC4BC47B31C5CD082D064AB37BC    550912    ----a-w-    C:\Windows\SysWOW64\kerberos.dll
2015-05-12 19:15:55    1569F20BB9DB9FDC87A6D3C8A3726ABF    1114112    ----a-w-    C:\Windows\SysWOW64\kernel32.dll
2015-05-12 19:15:54    FCB1C8345C794FE89ABA03B4CA3131BB    65536    ----a-w-    C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 19:15:54    F43CB86F9536B17E5C7CFCFB48ACBE54    7680    ----a-w-    C:\Windows\SysWOW64\instnm.exe
2015-05-12 19:15:54    F286528898342F0F1EB402606750C391    17408    ----a-w-    C:\Windows\SysWOW64\diskperf.exe
2015-05-12 19:15:54    D9E25B4BD2120CC5183CCCE9421C7AFE    25600    ----a-w-    C:\Windows\SysWOW64\setup16.exe
2015-05-12 19:15:54    D9716B488CC27652C12B1B5E0944987E    2048    ----a-w-    C:\Windows\SysWOW64\user.exe
2015-05-12 19:15:54    D079A408CC3E22A09D1260A6F18FC0FD    146432    ----a-w-    C:\Windows\SysWOW64\msaudite.dll
2015-05-12 19:15:54    C6D2D384B6232B0B800234C03C50979F    82944    ----a-w-    C:\Windows\SysWOW64\logman.exe
2015-05-12 19:15:54    BF9BB4113E9FCDABD4C703DDD06293F3    60416    ----a-w-    C:\Windows\SysWOW64\msobjs.dll
2015-05-12 19:15:54    AFFE5747054D03F8CEE18A8518A9AA34    50176    ----a-w-    C:\Windows\SysWOW64\auditpol.exe
2015-05-12 19:15:54    ABA025664F9F42C568B2C022AADCB18F    43008    ----a-w-    C:\Windows\SysWOW64\srclient.dll
2015-05-12 19:15:54    99A508910BB06DFBE99D9AF7D6B4E950    22016    ----a-w-    C:\Windows\SysWOW64\secur32.dll
2015-05-12 19:15:54    97B30711DC6CA0EA4EACEDCE8080A3B4    37888    ----a-w-    C:\Windows\SysWOW64\relog.exe
2015-05-12 19:15:54    9638DA21E965E23C85C4319F3F66D824    6656    ----a-w-    C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 19:15:54    8C45A65ED20B487085B79EEFCC08D160    92160    ----a-w-    C:\Windows\SysWOW64\sechost.dll
2015-05-12 19:15:54    86B2AC15999BB4F8B5C84AB6154A1783    686080    ----a-w-    C:\Windows\SysWOW64\adtschema.dll
2015-05-12 19:15:54    850F756363237A2EB069B9B25EF8BEC3    172032    ----a-w-    C:\Windows\SysWOW64\wdigest.dll
2015-05-12 19:15:54    7F99900705E249E9D5C55E490B7D076E    274944    ----a-w-    C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 19:15:54    79AF005633B7E41B7A194A7E7B9D3D93    17408    ----a-w-    C:\Windows\SysWOW64\credssp.dll
2015-05-12 19:15:54    74C0EC1257698176E288DA282F318E1C    40448    ----a-w-    C:\Windows\SysWOW64\typeperf.exe
2015-05-12 19:15:54    741DB93796E7D4F3F804C13537FB40F4    96768    ----a-w-    C:\Windows\SysWOW64\sspicli.dll
2015-05-12 19:15:54    6BB13D5E12C5C4D829C1D640DF269EA0    5120    ----a-w-    C:\Windows\SysWOW64\wow32.dll
2015-05-12 19:15:54    66D6A06936088E412E29A182679F0D71    259584    ----a-w-    C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 19:15:54    3346701038E55BD366F3D5CE31F55483    14336    ----a-w-    C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 19:15:54    0B6E937863837BA3383E9CE9200DDF1E    221184    ----a-w-    C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 19:15:44    C22AB1781BC6F0BB1C9B352CF66DBFFC    1250816    ----a-w-    C:\Windows\SysWOW64\DWrite.dll
2015-05-12 19:15:39    744AB3C1A73A57DEED49D631F1BDEA1D    2311168    ----a-w-    C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 19:15:32    C489D8B4D8C64F20CC75A93F541F7D91    123904    ----a-w-    C:\Windows\SysWOW64\poqexec.exe
2015-05-12 19:15:30    DCA2C6E7990771209CDD8E9DA90ED0E2    5120    ----a-w-    C:\Windows\SysWOW64\shimeng.dll
2015-05-12 19:15:30    D3E8C7FADB758E5D222C639CC65790AD    295936    ----a-w-    C:\Windows\SysWOW64\apphelp.dll
2015-05-12 19:15:30    715C060150D969B0DE5DD5B365A712AF    20992    ----a-w-    C:\Windows\SysWOW64\sdbinst.exe
2015-05-08 23:53:29    12F3D9FC2D1D68BB1C9AF782F94E4CF8    272296    ----a-w-    C:\Windows\SysWOW64\javaws.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-05-13 07:29:24    429D336DF09DB4D1239E79CD4480FDBC    427272    ----a-w-    C:\Windows\Sysnative\FNTCACHE.DAT
2015-05-13 07:02:05    189FB45D7442083AE8A2E4E612233EF7    124112    ----a-w-    C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:18:48    6B0F962B1EE486FFE7BCABBC9C736976    24576    ----a-w-    C:\Windows\Sysnative\jnwmon.dll
2015-05-12 19:18:48    2B36E0C5C262437E1B098344DEFA55F8    275456    ----a-w-    C:\Windows\Sysnative\InkEd.dll
2015-05-12 19:18:45    ED4B980701D081AC42F7B121C1E42149    460800    ----a-w-    C:\Windows\Sysnative\certcli.dll
2015-05-12 19:18:45    8AD8D17425C75D2621B2CDFE0DEABD21    342016    ----a-w-    C:\Windows\Sysnative\schannel.dll
2015-05-12 19:18:40    E802824B9B4A16355A5233A7B8215ECE    48640    ----a-w-    C:\Windows\Sysnative\ieetwproxystub.dll
2015-05-12 19:18:40    9DCD15027A13195ABA68B40A5EB26691    114688    ----a-w-    C:\Windows\Sysnative\ieetwcollector.exe
2015-05-12 19:18:39    70EDB996FE1BCB699232A15CB0D0FA32    2724864    ----a-w-    C:\Windows\Sysnative\mshtml.tlb
2015-05-12 19:18:39    6D2787CD32595A91969502A399E7BA48    77824    ----a-w-    C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2015-05-12 19:18:39    5EDC6AF7589B65C89CB1154B3377D0C4    720384    ----a-w-    C:\Windows\Sysnative\ie4uinit.exe
2015-05-12 19:18:39    1122DD841CCB7E07EF41039CBD66A29E    34304    ----a-w-    C:\Windows\Sysnative\iernonce.dll
2015-05-12 19:18:38    ED4EB5A0CDD251A17B946C515CB94D70    1547264    ----a-w-    C:\Windows\Sysnative\urlmon.dll
2015-05-12 19:18:38    D7B9EEF960F68DC18724BB5F89A464DD    389840    ----a-w-    C:\Windows\Sysnative\iedkcs32.dll
2015-05-12 19:18:37    F28577138120BA7E5423820D4B4C4727    66560    ----a-w-    C:\Windows\Sysnative\iesetup.dll
2015-05-12 19:18:37    EB9FCD39D65E23380CB2C2F0E6F2ED53    316928    ----a-w-    C:\Windows\Sysnative\dxtrans.dll
2015-05-12 19:18:37    E20B5098C8707B2CF0858024568234FF    801280    ----a-w-    C:\Windows\Sysnative\msfeeds.dll
2015-05-12 19:18:37    2A2CDE78F9E9019AD0E4D804A02688A3    968704    ----a-w-    C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2015-05-12 19:18:37    010F562B961AB8CAEC7A0C72F8FDD690    4096    ----a-w-    C:\Windows\Sysnative\ieetwcollectorres.dll
2015-05-12 19:18:36    F918BE3C5ACA0B6485D725CC1A5348DC    2125824    ----a-w-    C:\Windows\Sysnative\inetcpl.cpl
2015-05-12 19:18:36    B85ECB91C88F6E74045061B7F7DDEFA2    584192    ----a-w-    C:\Windows\Sysnative\vbscript.dll
2015-05-12 19:18:36    843D063E75B19188759CBEC82828BCB1    2885120    ----a-w-    C:\Windows\Sysnative\iertutil.dll
2015-05-12 19:18:36    49B1935F131A44CD29857D6900CB643F    800768    ----a-w-    C:\Windows\Sysnative\ieapfltr.dll
2015-05-12 19:18:35    E061B5A1D0F9BBACA41149201ADF4A3B    14401536    ----a-w-    C:\Windows\Sysnative\ieframe.dll
2015-05-12 19:18:35    CA0369799519F33DDE8FD26F5D87D014    490496    ----a-w-    C:\Windows\Sysnative\dxtmsft.dll
2015-05-12 19:18:35    29BBA65402DD568F49C837533F269482    144384    ----a-w-    C:\Windows\Sysnative\ieUnatt.exe
2015-05-12 19:18:35    1D610F215769E4FF56C7B1847DE4B86D    633856    ----a-w-    C:\Windows\Sysnative\ieui.dll
2015-05-12 19:18:35    0B4E78E6E65D1FD2CE55C93CF1EFD623    54784    ----a-w-    C:\Windows\Sysnative\jsproxy.dll
2015-05-12 19:18:34    FFC30231459FC44FD73E07532C707791    1359360    ----a-w-    C:\Windows\Sysnative\mshtmlmedia.dll
2015-05-12 19:18:34    F0289B3A341429117696F0279DA977B6    2352128    ----a-w-    C:\Windows\Sysnative\wininet.dll
2015-05-12 19:18:34    DC1200D3C3AC1E69A4DAD053BC26BF0D    814080    ----a-w-    C:\Windows\Sysnative\jscript9diag.dll
2015-05-12 19:18:34    79A4C71CD8B610DE9F66B72B5654C450    6025728    ----a-w-    C:\Windows\Sysnative\jscript9.dll
2015-05-12 19:18:34    63061A0826839DE8F5B4713976C99F1B    816640    ----a-w-    C:\Windows\Sysnative\jscript.dll
2015-05-12 19:18:34    1921A72BF1273BED72E569EF1F1A0611    92160    ----a-w-    C:\Windows\Sysnative\mshtmled.dll
2015-05-12 19:18:33    F2A1718334172C0F4E231E998F6CB8AB    199680    ----a-w-    C:\Windows\Sysnative\msrating.dll
2015-05-12 19:18:33    C31D57F7A58FACDA2671075CEBA75199    24971776    ----a-w-    C:\Windows\Sysnative\mshtml.dll
2015-05-12 19:18:33    C1D6BD834E69E8F77C8B4DDFCEE073F6    417792    ----a-w-    C:\Windows\Sysnative\html.iec
2015-05-12 19:18:33    5A18ACE782C215300BE1C82D9EDC565B    88064    ----a-w-    C:\Windows\Sysnative\MshtmlDac.dll
2015-05-12 19:16:12    71C85477DF9347FE8E7BC55768473FCA    328704    ----a-w-    C:\Windows\Sysnative\services.exe
2015-05-12 19:15:56    EA8A3E8C674B03CB4AFA1D344DBD7BC1    1254400    ----a-w-    C:\Windows\Sysnative\diagtrack.dll
2015-05-12 19:15:56    D449C36379EBEFD3CCDAEC328002BB5B    36864    ----a-w-    C:\Windows\Sysnative\UtcResources.dll
2015-05-12 19:15:56    A985325F4FE72FB003749A2FBBA9952E    5569984    ----a-w-    C:\Windows\Sysnative\ntoskrnl.exe
2015-05-12 19:15:56    8453010B6512DAEAFC61CC0836FA137E    1728960    ----a-w-    C:\Windows\Sysnative\ntdll.dll
2015-05-12 19:15:55    FDF1E0FD74DED0034BA6FFB665E0641E    424448    ----a-w-    C:\Windows\Sysnative\KernelBase.dll
2015-05-12 19:15:55    EE27E1D639E3807229C15AF94320CF0A    404992    ----a-w-    C:\Windows\Sysnative\tracerpt.exe
2015-05-12 19:15:55    DA8B541825991F6699790E617FF0FF60    1461760    ----a-w-    C:\Windows\Sysnative\lsasrv.dll
2015-05-12 19:15:55    D17DD01601460F5899E5C154B3FD0BFA    215040    ----a-w-    C:\Windows\Sysnative\winsrv.dll
2015-05-12 19:15:55    B01B21E15671ACD3F0AD131DC4CABFC7    879104    ----a-w-    C:\Windows\Sysnative\advapi32.dll
2015-05-12 19:15:55    A0BCD6A64281492EFAE02AC144A335F1    243712    ----a-w-    C:\Windows\Sysnative\wow64.dll
2015-05-12 19:15:55    9C5DBA74D0C641C2A4ABDC79969B7BEF    104448    ----a-w-    C:\Windows\Sysnative\logman.exe
2015-05-12 19:15:55    52146DBFE253B83FAB1980AA704C7974    113664    ----a-w-    C:\Windows\Sysnative\sechost.dll
2015-05-12 19:15:55    408A8232E84515E4AA819E0C95E65257    314880    ----a-w-    C:\Windows\Sysnative\msv1_0.dll
2015-05-12 19:15:55    1C9F2F4A2C603739BD8CC8C64310AFD7    1162752    ----a-w-    C:\Windows\Sysnative\kernel32.dll
2015-05-12 19:15:55    10D39E74B0D5011A8C199B9646579C3F    879104    ----a-w-    C:\Windows\Sysnative\tdh.dll
2015-05-12 19:15:55    0CD609B1143961F5C3BA691729A6A5DA    503808    ----a-w-    C:\Windows\Sysnative\srcore.dll
2015-05-12 19:15:54    FE60A67032A5C94F6ACE483C8FE84105    47104    ----a-w-    C:\Windows\Sysnative\typeperf.exe
2015-05-12 19:15:54    E55A72876BC5E244D0A8F7F07862A939    338432    ----a-w-    C:\Windows\Sysnative\conhost.exe
2015-05-12 19:15:54    E1B0C7042BA7B8903D60DF3885F2DFE7    16384    ----a-w-    C:\Windows\Sysnative\ntvdm64.dll
2015-05-12 19:15:54    DA5EF2CC0764BE7097BAFA9CAF903FE8    112640    ----a-w-    C:\Windows\Sysnative\smss.exe
2015-05-12 19:15:54    D2602AC48B38FA10956E32D18E7143B0    362496    ----a-w-    C:\Windows\Sysnative\wow64win.dll
2015-05-12 19:15:54    D205305FB0E352A9D4CF922D6A016BF4    13312    ----a-w-    C:\Windows\Sysnative\wow64cpu.dll
2015-05-12 19:15:54    CD3770C78AFFC223A3B9D38F27B7A309    309760    ----a-w-    C:\Windows\Sysnative\ncrypt.dll
2015-05-12 19:15:54    CCAB9BE9C9100C5F54A5A8F355730841    728064    ----a-w-    C:\Windows\Sysnative\kerberos.dll
2015-05-12 19:15:54    BB7BAF9532DBA5AB4009E981687D1EA6    19456    ----a-w-    C:\Windows\Sysnative\diskperf.exe
2015-05-12 19:15:54    AF278DB00C43E925E58C8CA2C0CF4C71    686080    ----a-w-    C:\Windows\Sysnative\adtschema.dll
2015-05-12 19:15:54    ADC2D7B5BFF277E5A9FACE6A21A24ABC    29184    ----a-w-    C:\Windows\Sysnative\sspisrv.dll
2015-05-12 19:15:54    ACE24D86D2714FCC1639F890DF54951B    86528    ----a-w-    C:\Windows\Sysnative\TSpkg.dll
2015-05-12 19:15:54    A3DCC3D8BB57E31EA07949313CC3A3CF    43520    ----a-w-    C:\Windows\Sysnative\csrsrv.dll
2015-05-12 19:15:54    9262D6E2C239EDD6D87B080F2BCCEC9F    31232    ----a-w-    C:\Windows\Sysnative\lsass.exe
2015-05-12 19:15:54    90DC7B112F946B412C9CDC6F459F4053    60416    ----a-w-    C:\Windows\Sysnative\msobjs.dll
2015-05-12 19:15:54    90293AAC2AB0908BFF98ADB89CEBC931    6656    ----a-w-    C:\Windows\Sysnative\apisetschema.dll
2015-05-12 19:15:54    8C711AF30BE3991050D0D011D92CFBE0    50176    ----a-w-    C:\Windows\Sysnative\srclient.dll
2015-05-12 19:15:54    7A448B8CED7F7348C36159D5CC8E19ED    146432    ----a-w-    C:\Windows\Sysnative\msaudite.dll
2015-05-12 19:15:54    79F036EB691ABBA84E8EB1715E5F2B17    43008    ----a-w-    C:\Windows\Sysnative\relog.exe
2015-05-12 19:15:54    52935C072F8D5A92508AA3A3CC9133C7    296960    ----a-w-    C:\Windows\Sysnative\rstrui.exe
2015-05-12 19:15:54    50EBA6640805F6D5EF4A0DCEF2D180AB    22016    ----a-w-    C:\Windows\Sysnative\credssp.dll
2015-05-12 19:15:54    4DD0098FFAB4664DB979537C48AE055F    64000    ----a-w-    C:\Windows\Sysnative\auditpol.exe
2015-05-12 19:15:54    40C5EA47D4AEC96249B09BF0C076A60C    136192    ----a-w-    C:\Windows\Sysnative\sspicli.dll
2015-05-12 19:15:54    2292CD8500725B94B7D2E3C0C84F2D19    210944    ----a-w-    C:\Windows\Sysnative\wdigest.dll
2015-05-12 19:15:54    0D9BDBE780DD81757AC5AF87E8B1EBEC    28160    ----a-w-    C:\Windows\Sysnative\secur32.dll
2015-05-12 19:15:45    E612E86FA15EA1EF9A52433A2743C447    1179136    ----a-w-    C:\Windows\Sysnative\FntCache.dll
2015-05-12 19:15:45    490505F6E53EF046EC70A353BC9CD615    1647104    ----a-w-    C:\Windows\Sysnative\DWrite.dll
2015-05-12 19:15:44    D858C33B133740D5F1F1CF71C33F6355    3204608    ----a-w-    C:\Windows\Sysnative\win32k.sys
2015-05-12 19:15:39    E5404072A5A9E0B452ADDF1D1339176C    2543104    ----a-w-    C:\Windows\Sysnative\wpdshext.dll
2015-05-12 19:15:32    C7E50B04623FC6FF54EAF88938A8936E    142336    ----a-w-    C:\Windows\Sysnative\poqexec.exe
2015-05-12 19:15:30    F55F287810AAF708618793764AF7D1BB    23552    ----a-w-    C:\Windows\Sysnative\sdbinst.exe
2015-05-12 19:15:30    83BFCCAC53795E8A5055A93672D0C46C    72192    ----a-w-    C:\Windows\Sysnative\aelupsvc.dll
2015-05-12 19:15:30    7E21D3072EB20D5400919D435D549A9B    6656    ----a-w-    C:\Windows\Sysnative\shimeng.dll
2015-05-12 19:15:30    31D260ADAF1CCFEFC49DB9FBCE9986DA    342016    ----a-w-    C:\Windows\Sysnative\apphelp.dll
====== C:\Windows\Sysnative\drivers =====
2015-05-12 19:15:55    F7DFAE6040AC910B7C64EE208A34157D    95680    ----a-w-    C:\Windows\Sysnative\drivers\ksecdd.sys
2015-05-12 19:15:55    8FE94F2EF9BF444E93E35D87E210D02F    155584    ----a-w-    C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-05-05 20:54:31    --------    d-----w-    C:\Program Files\CyberGhost 5
2015-04-29 00:42:51    --------    d-----w-    C:\Program Files\Common Files\LogiShrd
======= C:\PROGRA~2 =====
2015-05-14 23:54:24    --------    d-----w-    C:\PROGRA~2\AVG
2015-04-17 11:43:31    --------    d-----w-    C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\James\AppData\Roaming ======
2015-05-14 23:56:00    --------    d-----w-    C:\Users\James\AppData\Roaming\AVG2015
2015-05-14 23:55:42    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015
2015-05-14 23:55:28    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015
2015-05-14 23:54:25    --------    d-----w-    C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2015
2015-05-14 23:44:53    --------    d-----w-    C:\Users\James\AppData\Local\Avg2015
2015-05-09 00:51:36    128B8E7014C04FA4442DAF0C07FA691B    112920    ----a-w-    C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-09 00:33:38    --------    d-----w-    C:\Users\UpdatusUser\AppData\Local\temp
2015-05-09 00:33:38    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2015-05-09 00:33:38    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2015-05-09 00:33:38    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
====== C:\Users\James ======
2015-05-15 00:20:34    6CDEAC78E5677E304477FB36351C3195    21546080    ----a-w-    C:\Users\James\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-14 23:55:27    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-14 23:54:54    --------    d-----w-    C:\ProgramData\AVG2015
2015-05-14 23:31:03    33C195F50AAECA7337A7B493359E91F3    2209792    ----a-w-    C:\Users\James\Downloads\adwcleaner_4.204.exe
2015-05-09 12:50:59    C5A9A225F429DCAFC6CA49071D063C90    2102784    ----a-w-    C:\Users\James\Downloads\FRST64.exe
2015-05-09 00:33:38    --------    d-----w-    C:\Users\Public\AppData
2015-04-29 00:42:54    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-04-29 00:42:54    --------    d-----w-    C:\ProgramData\LogiShrd

====== C: exe-files ==
2015-05-15 10:30:39    F6EEE6848E933962E12E7B3F25C73C88    88392    ----atw-    C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateBroker.exe
2015-05-15 10:30:39    6732C4A894855042FD3618406B6BBD48    88392    ----atw-    C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe
2015-05-15 10:30:39    0894890F30B5F6510DF953BC50B5504F    88392    ----atw-    C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateWebPlugin.exe
2015-05-15 10:30:38    C990A8EAD57DA59FA8156CC02D3B7DA5    931408    ----a-w-    C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateSetup.exe
2015-05-15 10:30:30    BB3045B399D898061B926B447C446E05    127816    ----atw-    C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateComRegisterShell64.exe
2015-05-15 10:30:30    8715A0D10CFFC8DEE923957F07DAA042    244040    ----atw-    C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
2015-05-15 10:30:30    6509A96DAE25340772B51AC020CB1094    304968    ----atw-    C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
2015-05-15 10:30:29    0C03FB91E17987EED93F60007B08DAA0    144200    ----atw-    C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdate.exe
2015-05-15 10:30:26    C990A8EAD57DA59FA8156CC02D3B7DA5    931408    ----a-w-    C:\Program Files (x86)\Google\Update\Install\{FC7DF3B5-E76F-40BF-ABC3-B2666E43487F}\GoogleUpdateSetup.exe
2015-05-15 10:30:26    C990A8EAD57DA59FA8156CC02D3B7DA5    931408    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.27.5\GoogleUpdateSetup.exe
2015-05-15 00:20:34    6CDEAC78E5677E304477FB36351C3195    21546080    ----a-w-    C:\Users\James\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-14 23:31:03    33C195F50AAECA7337A7B493359E91F3    2209792    ----a-w-    C:\Users\James\Downloads\adwcleaner_4.204.exe
2015-05-14 19:53:44    D308FEE17FBACB94C2E27067AE2C57A6    1044048    ----a-w-    C:\Program Files (x86)\Google\Update\Install\{4BC2F29C-E1E9-4A07-A3B7-60B984BD28F0}\42.0.2311.152_42.0.2311.135_chrome_updater.exe
2015-05-14 19:53:44    D308FEE17FBACB94C2E27067AE2C57A6    1044048    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\42.0.2311.152\42.0.2311.152_42.0.2311.135_chrome_updater.exe
2015-05-12 19:18:48    D5E35700566B225CBF8ECD7F92C460C8    2164224    ----a-w-    C:\Program Files\Windows Journal\Journal.exe
2015-05-12 19:18:48    0DBC9BB05703CA0D8792E2075D62B3C3    51200    ----a-w-    C:\Program Files\Windows Journal\PDIALOG.exe
2015-05-12 19:18:40    9DCD15027A13195ABA68B40A5EB26691    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2015-05-12 19:18:39    5EDC6AF7589B65C89CB1154B3377D0C4    720384    ----a-w-    C:\Windows\System32\ie4uinit.exe
2015-05-12 19:18:39    4B3D652AACEE4FE636F74CB8015BF00E    221184    ----a-w-    C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2015-05-12 19:18:38    A2A98DBD9E13B81AB68FB6A699A157CB    469504    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2015-05-12 19:18:38    2AA6685FC67CDD231BA0345112DFEE89    222720    ----a-w-    C:\Program Files\Internet Explorer\ielowutil.exe
2015-05-12 19:18:37    EC75F14CC85659C780A0DC575F7B1242    815304    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2015-05-12 19:18:37    2A2CDE78F9E9019AD0E4D804A02688A3    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2015-05-12 19:18:37    1BBC9CFD29A62D80FB77BB69BFF7513C    115712    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 19:18:36    CDBB6EFC96D0567951A13A6ABDCA1FDE    484864    ----a-w-    C:\Program Files\Internet Explorer\ieinstal.exe
2015-05-12 19:18:36    ABE6FDB01D22FD63BB190BF95F5BC9B6    813776    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2015-05-12 19:18:35    29BBA65402DD568F49C837533F269482    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2015-05-12 19:16:12    71C85477DF9347FE8E7BC55768473FCA    328704    ----a-w-    C:\Windows\System32\services.exe
2015-05-12 19:15:56    A985325F4FE72FB003749A2FBBA9952E    5569984    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2015-05-12 19:15:56    8D50ED3F0FBE3590AB0D43BF7B60E57A    3989440    ----a-w-    C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 19:15:56    0A66C88B087249742381924AB8F9EFCC    3934144    ----a-w-    C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 19:15:55    EE27E1D639E3807229C15AF94320CF0A    404992    ----a-w-    C:\Windows\System32\tracerpt.exe
2015-05-12 19:15:55    EB058143B57ED460AC4F2DFBA104BBFF    364544    ----a-w-    C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 19:15:55    9C5DBA74D0C641C2A4ABDC79969B7BEF    104448    ----a-w-    C:\Windows\System32\logman.exe
2015-05-12 19:15:54    FE60A67032A5C94F6ACE483C8FE84105    47104    ----a-w-    C:\Windows\System32\typeperf.exe
2015-05-12 19:15:54    F43CB86F9536B17E5C7CFCFB48ACBE54    7680    ----a-w-    C:\Windows\SysWOW64\instnm.exe
2015-05-12 19:15:54    F286528898342F0F1EB402606750C391    17408    ----a-w-    C:\Windows\SysWOW64\diskperf.exe
2015-05-12 19:15:54    E55A72876BC5E244D0A8F7F07862A939    338432    ----a-w-    C:\Windows\System32\conhost.exe
2015-05-12 19:15:54    DA5EF2CC0764BE7097BAFA9CAF903FE8    112640    ----a-w-    C:\Windows\System32\smss.exe
2015-05-12 19:15:54    D9E25B4BD2120CC5183CCCE9421C7AFE    25600    ----a-w-    C:\Windows\SysWOW64\setup16.exe
2015-05-12 19:15:54    D9716B488CC27652C12B1B5E0944987E    2048    ----a-w-    C:\Windows\SysWOW64\user.exe
2015-05-12 19:15:54    C6D2D384B6232B0B800234C03C50979F    82944    ----a-w-    C:\Windows\SysWOW64\logman.exe
2015-05-12 19:15:54    BB7BAF9532DBA5AB4009E981687D1EA6    19456    ----a-w-    C:\Windows\System32\diskperf.exe
2015-05-12 19:15:54    AFFE5747054D03F8CEE18A8518A9AA34    50176    ----a-w-    C:\Windows\SysWOW64\auditpol.exe
2015-05-12 19:15:54    97B30711DC6CA0EA4EACEDCE8080A3B4    37888    ----a-w-    C:\Windows\SysWOW64\relog.exe
2015-05-12 19:15:54    9262D6E2C239EDD6D87B080F2BCCEC9F    31232    ----a-w-    C:\Windows\System32\lsass.exe
2015-05-12 19:15:54    79F036EB691ABBA84E8EB1715E5F2B17    43008    ----a-w-    C:\Windows\System32\relog.exe
2015-05-12 19:15:54    74C0EC1257698176E288DA282F318E1C    40448    ----a-w-    C:\Windows\SysWOW64\typeperf.exe
2015-05-12 19:15:54    52935C072F8D5A92508AA3A3CC9133C7    296960    ----a-w-    C:\Windows\System32\rstrui.exe
2015-05-12 19:15:54    4DD0098FFAB4664DB979537C48AE055F    64000    ----a-w-    C:\Windows\System32\auditpol.exe
2015-05-12 19:15:32    C7E50B04623FC6FF54EAF88938A8936E    142336    ----a-w-    C:\Windows\System32\poqexec.exe
2015-05-12 19:15:32    C489D8B4D8C64F20CC75A93F541F7D91    123904    ----a-w-    C:\Windows\SysWOW64\poqexec.exe
2015-05-12 19:15:30    F55F287810AAF708618793764AF7D1BB    23552    ----a-w-    C:\Windows\System32\sdbinst.exe
2015-05-12 19:15:30    715C060150D969B0DE5DD5B365A712AF    20992    ----a-w-    C:\Windows\SysWOW64\sdbinst.exe
2015-05-09 13:49:04    B31271E7EB3854EE9893DB08BFB43EB3    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-2362506607-1263999183-2596280161-1000\$IDV68LH.exe
2015-05-09 13:48:52    D7F23F8B58E2782EBE201FC117D283A3    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-2362506607-1263999183-2596280161-1000\$I4KINJJ.exe
2015-05-09 13:48:30    4139ECA2B97F65E780C799C44B177FD5    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-2362506607-1263999183-2596280161-1000\$I94RURZ.exe
2015-05-09 12:50:59    C5A9A225F429DCAFC6CA49071D063C90    2102784    ----a-w-    C:\Users\James\Downloads\FRST64.exe
2015-05-09 00:22:27    F042EE4C8D66248D9B86DCF52ABAE416    256000    ----a-w-    C:\Windows\PEV.exe
2015-05-09 00:22:27    9E05A9C264C8A908A8E79450FCBFF047    80412    ----a-w-    C:\Windows\grep.exe
2015-05-09 00:22:27    5E832F4FAF5F481F2EAF3B3A48F603B8    68096    ----a-w-    C:\Windows\zip.exe
2015-05-09 00:22:27    0297C72529807322B152F517FDB0A9FC    406528    ----a-w-    C:\Windows\SWSC.exe
2015-05-09 00:22:27    0277C027A26428DB64EF4F64F52BB4FD    208896    ----a-w-    C:\Windows\MBR.exe
2015-05-08 23:53:29    12F3D9FC2D1D68BB1C9AF782F94E4CF8    272296    ----a-w-    C:\Windows\SysWOW64\javaws.exe
=== C: other files ==
2015-05-12 19:15:55    F7DFAE6040AC910B7C64EE208A34157D    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2015-05-12 19:15:55    8FE94F2EF9BF444E93E35D87E210D02F    155584    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2015-05-12 19:15:44    D858C33B133740D5F1F1CF71C33F6355    3204608    ----a-w-    C:\Windows\System32\win32k.sys
2015-05-10 00:35:05    DD4E7B51BDB5B35D1A3D994DFDE5A05A    7473107    ----a-w-    C:\Users\James\Downloads\M7529v1.2.zip

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ml9wxw52.default
user_pref("browser.startup.homepage", "https://www.yahoo.com/");
user_pref("browser.search.defaultenginename.US", "Google");

==== Firefox Extensions ======================

ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ml9wxw52.default
- Blur Formerly DoNotTrackMe - %ProfilePath%\extensions\donottrackplus@abine.com
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ml9wxw52.default
9AE02005247DA91AB1743F5208DBEF76    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll -    Shockwave Flash


==== Chromium Look ======================

Bookmark Manager - James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo  Url="http://www.google.com/search?q={sear"
{72CC6FAF-BDF5-4718-B38B-3410FD481BF9} Google  Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

==== shortcuts on Users Desktops ======================

C:\Users\James\Desktop\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\James\Desktop\Computer.lnk -  
C:\Users\James\Desktop\Excel.lnk - C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\James\Desktop\Flexible Retirement Planner.lnk - C:\Program Files (x86)\Flexible Retirement Planner\frp.exe
C:\Users\James\Desktop\Garry's Mod.lnk - C:\Program Files (x86)\Steam\Steam.exe steam://rungameid/4000
C:\Users\James\Desktop\PowerPoint.lnk - C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\James\Desktop\Sound - Shortcut.lnk -  
C:\Users\James\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\James\Desktop\Wird.lnk - C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\James\Desktop\Alex\Alex's Stuff\iTunes.lnk - C:\WINDOWS\Installer\{AB90749C-7422-4580-8A7A-66CC5E9E5F98}\iTunesIco.exe
C:\Users\James\Desktop\GIMP\GIMP 2.lnk - C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe
C:\Users\James\Desktop\GIMP\paint.net.lnk - C:\Program Files (x86)\paint.net\PaintDotNet.exe
C:\Users\James\Desktop\Jack\Gimp\GIMP 2.lnk - C:\Program Files\GIMP 2\bin\gimp-2.8.exe
C:\Users\James\Desktop\Jack\Gimp\Uninstall.lnk - C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe
C:\Users\James\Desktop\Jack\Music and random crap\complaint-letter.lnk - C:\Users\James\Downloads\complaint-letter.doc
C:\Users\James\Desktop\Jack\Music and random crap\hey essay im breaking into your car.lnk - C:\Users\James\Downloads\hey essay im breaking into your car.docx
C:\Users\James\Desktop\Jack\Skyrim stuff\Nexus Mod Manager.lnk - C:\Program Files (x86)\Nexus Mod Manager\NexusClient.exe
C:\Users\James\Desktop\James\Taxes\2014\TaxACT 2014.lnk - C:\TaxACT\TaxACT 2014\TaxACT14.exe
C:\Users\UpdatusUser\Desktop\DVD Shrink 3.2.lnk - C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\UpdatusUser\Desktop\Flexible Retirement Planner.lnk - C:\Program Files (x86)\Flexible Retirement Planner\frp.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Arduino.lnk - C:\Program Files (x86)\Arduino\arduino.exe
C:\Users\Public\Desktop\AVG 2015.lnk - C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe -showAppPicker
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2015.lnk - C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Unifying\Logitech Unifying Software.lnk - C:\Program Files\Common Files\LogiShrd\Unifying\DJCUHost.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter\SDFormatter.lnk - C:\Program Files (x86)\SDA\SD Formatter\SDFormatter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxACT\TaxACT 2014 Michigan Readme.lnk - C:\TaxACT\TaxACT 2014\State1040Readme.txt NOTEPAD.EXE C:\TaxACT\TAXACT~1\\1040_MIreadme.txt

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Citrix Receiver.lnk - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe -showAppPicker
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -  
C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75932EE05AB03F84FAFA19C253187532 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EE23957-0BA5-48F3-AFAF-912C35815723} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\75932EE05AB03F84FAFA19C253187532 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PDJ9A1T will be deleted at reboot
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWXQ52YU will be deleted at reboot
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4JHMIT3 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\James\AppData\Local\Mozilla\Firefox\Profiles\ml9wxw52.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=202 folders=80 44099422 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\James\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\James\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\AVG Web TuneUp"  not found
"C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PDJ9A1T" not found
"C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWXQ52YU" not found
"C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4JHMIT3" not found

==== EOF on Fri 05/15/2015 at 14:17:32.18 ======================
 

ESET Log:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=697fef61c383054eb9f0a06b659ea28c
# engine=23870
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-15 08:39:04
# local_time=2015-05-15 04:39:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 98 0 117913128 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 183265794 0 0
# scanned=291130
# found=0
# cleaned=0
# scan_time=7211
 



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:08:47 AM

Posted 16 May 2015 - 05:27 AM


Can you please tell me which problems still persist now?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 jwhitcomb

jwhitcomb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:02:47 AM

Posted 16 May 2015 - 11:16 AM

Seem to be no more problems at this time, thanks!



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:08:47 AM

Posted 16 May 2015 - 11:24 AM

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    HKU\S-1-5-21-2362506607-1263999183-2596280161-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

No need to post the log.

Step 2

Revo Uninstaller Free

  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), to remove it:
    Google Chrome 
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 3

Reinstall Google Chrome. Download

That's it!
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.



Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
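The fixlist in Step 1 above tells FRST to remove browser policy-restriction keys and two empty DefaultScope entries. As an added example, not part of deeprybka's instructions and not FRST's own code, the PowerShell snippet below reads those same registry locations after the fix so that a user can confirm they are gone (or see exactly what remains) without re-running a full FRST scan. The SID and key paths are the ones quoted in the fixlist; the function names are my own. Run it from an elevated PowerShell prompt, since reading other accounts' HKEY_USERS hives requires administrator rights.

```powershell
# Added example, not from the thread or from FRST: check whether the registry
# locations named in the fixlist still carry browser policy restrictions or a
# DefaultScope entry. Run from an elevated PowerShell prompt.

# SID copied from the fixlist in the post above
$UserSid = 'S-1-5-21-2362506607-1263999183-2596280161-1000'

# Policy keys that FRST was told to remove. On a home PC these keys are normally
# absent; values under them deserve a look, because adware commonly uses them to
# pin a search provider or block extension changes.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    "Registry::HKEY_USERS\$UserSid\SOFTWARE\Policies\Microsoft\Internet Explorer"
)

function Get-BrowserPolicyResidue {
    # Returns one object per key: absent, or present together with every value
    # found on the key and its subkeys.
    param([string[]]$Keys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) {
            [pscustomobject]@{ Key = $key; Status = 'absent'; Values = @() }
            continue
        }
        # The key itself plus all subkeys, as RegistryKey objects
        $nodes = @(Get-Item -Path $key) +
                 @(Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue)
        $values = foreach ($node in $nodes) {
            foreach ($name in $node.GetValueNames()) {
                '{0}\{1} = {2}' -f $node.Name, $name, $node.GetValue($name)
            }
        }
        [pscustomobject]@{ Key = $key; Status = 'present'; Values = @($values) }
    }
}

function Get-ServiceHiveDefaultScope {
    # The fixlist listed a DefaultScope with an empty URL under the LocalService
    # (S-1-5-19) and NetworkService (S-1-5-20) hives; report what is there now.
    param([string[]]$Sids = @('S-1-5-19', 'S-1-5-20'))
    foreach ($sid in $Sids) {
        $scopes = "Registry::HKEY_USERS\$sid\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path -Path $scopes)) {
            [pscustomobject]@{ Sid = $sid; DefaultScope = $null; Url = $null; Status = 'no SearchScopes key' }
            continue
        }
        $default = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
        $url = $null
        if ($default -and (Test-Path -Path (Join-Path $scopes $default))) {
            $url = (Get-ItemProperty -Path (Join-Path $scopes $default) -ErrorAction SilentlyContinue).URL
        }
        $status = if ($url) { 'has URL' } else { 'empty or missing URL' }
        [pscustomobject]@{ Sid = $sid; DefaultScope = $default; Url = $url; Status = $status }
    }
}

Get-BrowserPolicyResidue -Keys $PolicyKeys | Format-List
Get-ServiceHiveDefaultScope | Format-Table -AutoSize
```

A present policy key is not proof of infection on its own: domain-joined or centrally managed machines set browser policies legitimately. On a standalone home system like the one in this thread, however, any value reported under these keys that the owner did not configure is worth posting for the helper to review, and a DefaultScope whose URL is empty or points at an unfamiliar host is the kind of leftover the fixlist was written to clear.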

#9 jwhitcomb

jwhitcomb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:02:47 AM

Posted 16 May 2015 - 12:56 PM

All steps are complete.  Thanks for your help!  James



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:08:47 AM

Posted 16 May 2015 - 01:02 PM

You are welcome! Take care! :)


regards,
deeprybka

#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:08:47 AM

Posted 16 May 2015 - 01:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



