Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bank website complaint led to Win32/Alinaos.G cleaned. Anything else?


  • This topic is locked This topic is locked
6 replies to this topic

#1 derrill

derrill

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:54 PM

Posted 29 May 2015 - 11:15 AM

At Nevada State Bank's website http://www.nsbank.com, I have a business login for several accounts that I help administer. I found my login was disabled and contacted the bank. They said my computer was compromised, and said I needed to clean it before they would turn me back on.

 

I updated then ran Microsoft Defender/Essentials/whatever it's called this week, which came up with nothing. Because I have an IT background from a few years ago, I think I know what I'm doing, so I downloaded and ran, in order: Combofix, TDSKiller, rkill, AdwCleaner, and then installed Malwarebytes Anti-Exploit.

 

Then I ran Microsoft Defender and it cleaned what it calls TrojanSpy:Win32/Alinaos.G from C:\Users\Derrill\AppData\Roaming\Install\winRAR.exe. I am assuming Combofix or one of the others broke it so Defender could even see it.

 

It also cleaned Worm:Win32/Gamarue, but that was from C:\Qoobox\Quarantine\C\ProgramData\mskrcx.exe.vir.

 

I came here to ask if I'm clean now. I see from the prep guide that I'm not supposed to run Combofix without explicit directions to do so. I hope that what I've done won't ruin my chances for support, or complicate your ability to support me.

 

I play WoW on this computer, and log in to several gmail accounts, but WoW and the gmail accounts all have authenticators attached. I guess I'll dump the password scheme I've been using and come up with a new one. I'm assuming all my passwords are now compromised.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Derrill (administrator) on DERRILLOCT2012 on 29-05-2015 08:50:50
Running from E:\Downloads
Loaded Profiles: Derrill (Available Profiles: Derrill)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
( ) C:\Windows\System32\lmabcoms.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Just Great Software) C:\Program Files\Just Great Software\AceText\AceText.exe
(Dropbox, Inc.) C:\Users\Derrill\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Curse) C:\Users\Derrill\AppData\Local\Apps\2.0\QL82M4YX.B98\4QM56WJN.QRW\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Just Great Software) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5761752 2015-05-08] (Box, Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-05-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-14] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2462680 2015-05-06] (FileZilla Project)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3643886906-2555528348-1857643674-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-3643886906-2555528348-1857643674-1000\...\Run: [GoogleChromeAutoLaunch_AB19034D8F1D7D8D4CC224232804A97F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-3643886906-2555528348-1857643674-1000\...\Run: [00E60D122CC594C0FB84AD0B03C23889B0FB6447._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-3643886906-2555528348-1857643674-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
Startup: C:\Users\Derrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AceText.lnk [2013-02-27]
ShortcutTarget: AceText.lnk -> C:\Program Files\Just Great Software\AceText\AceText.exe (Just Great Software)
Startup: C:\Users\Derrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013-08-04] ()
Startup: C:\Users\Derrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-11-30] ()
Startup: C:\Users\Derrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-07-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Derrill\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Derrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2012-10-13]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Derrill\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Derrill\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Derrill\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Derrill\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Derrill\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Derrill\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Derrill\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Derrill\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Derrill\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Derrill\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derrill\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3643886906-2555528348-1857643674-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3643886906-2555528348-1857643674-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3643886906-2555528348-1857643674-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3643886906-2555528348-1857643674-1000 -> {95870965-B082-4F33-89F4-DEB696C8CA8C} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-14] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-14] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - &ClipMate ClipBar v7.5 - {F60C63CE-52AF-4915-AAC9-F100FCDE270F} - C:\Program Files (x86)\ClipMate7\ClipMateDeskBand.dll [2012-12-27] (Thornsoft Development, Inc)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3643886906-2555528348-1857643674-1000 -> &ClipMate ClipBar v7.5 - {F60C63CE-52AF-4915-AAC9-F100FCDE270F} - C:\Program Files (x86)\ClipMate7\ClipMateDeskBand.dll [2012-12-27] (Thornsoft Development, Inc)
Toolbar: HKU\S-1-5-21-3643886906-2555528348-1857643674-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\..\Interfaces\{DDE7559B-6867-4E2A-B080-720F2E6A6CEF}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-26] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3643886906-2555528348-1857643674-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Derrill\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3643886906-2555528348-1857643674-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Derrill\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3643886906-2555528348-1857643674-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Derrill\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-03-26] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Derrill\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-26] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\amazon-search-suggestions.xml [2015-04-09]
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\borderlands-wiki-en.xml [2013-02-17]
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\deus-ex-wiki-en.xml [2014-04-23]
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\dishonored-wiki-en.xml [2014-02-09]
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\doomhammer-a.xml [2015-03-21]
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\imdb.xml [2013-01-04]
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\internet-movie-firearms-database---guns-in-movies-tv-and-vid.xml [2012-12-20]
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\ninjawords.xml [2012-11-04]
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\orcz-en.xml [2013-07-14]
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\wowhead.xml [2012-10-15]
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\wowpedia-en.xml [2012-10-19]
FF SearchPlugin: C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\searchplugins\youtube-video-search.xml [2015-05-07]
FF Extension: FT DeepDark - C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-04-16]
FF Extension: FireGestures - C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\Extensions\firegestures@xuldev.org.xpi [2012-10-13]
FF Extension: Free Memory - C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\Extensions\jid1-n85lxPv1NAWVTQ@jetpack.xpi [2014-06-28]
FF Extension: Reddit Enhancement Suite - C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-03-12]
FF Extension: RSS Icon in url bar - C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\Extensions\rssicon.vaka@gmail.com.xpi [2012-10-13]
FF Extension: Textarea Cache - C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}.xpi [2014-04-01]
FF Extension: Search By Image (by Google) - C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2015-05-08]
FF Extension: Adblock Plus - C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-13]
FF Extension: Tab Mix Plus - C:\Users\Derrill\AppData\Roaming\Mozilla\Firefox\Profiles\657i9nz5.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-01-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-18]

Chrome:
=======
CHR Profile: C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-09-30]
CHR Extension: (Google Drive) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-10-09]
CHR Extension: (YouTube) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-09]
CHR Extension: (uBlock Origin) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-03-10]
CHR Extension: (Google Search) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-09]
CHR Extension: (Netflix) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-12-25]
CHR Extension: (Google Cast (Beta)) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2014-12-25]
CHR Extension: (FlashFree) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebmieckllmmifjjbipnppinpiohpfahm [2012-10-09]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-21]
CHR Extension: (Google Webspam Report (by Google)) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj [2012-11-02]
CHR Extension: (Gmail Offline) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2012-10-09]
CHR Extension: (Google Calendar) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-11-02]
CHR Extension: (Box) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2012-11-02]
CHR Extension: (Google Play Music) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-09-26]
CHR Extension: (Youtube Video Downloader) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgdjbcjnihndbfmmggceololenekadg [2013-03-25]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2012-11-02]
CHR Extension: (Bookmark Manager) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Google Keep Extension) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnhdnhocdcaopghnfjndhkjccfbdfnj [2013-03-25]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-11-25]
CHR Extension: (Google Play Music) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2012-11-02]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-03-26]
CHR Extension: (Google Voice (by Google)) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2012-11-02]
CHR Extension: (Hangouts) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-02-21]
CHR Extension: (Google Play) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-02-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Smooth Gestures) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2013-03-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-10-31]
CHR Extension: (Google Maps) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-11-02]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2012-11-02]
CHR Extension: (Google Play Books) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-11-25]
CHR Extension: (Hangouts) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-27]
CHR Extension: (OneDrive) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-11-25]
CHR Extension: (Google Wallet) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2012-11-02]
CHR Extension: (Greyscale) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm [2012-11-02]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2012-10-09]
CHR Extension: (Gmail) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-09]
CHR HKU\S-1-5-21-3643886906-2555528348-1857643674-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-05-01]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Derrill\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-07-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2014-09-24] (Box, Inc.)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [793560 2015-05-06] (FileZilla Project)
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed]
R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( ) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-26] ()
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 CORSGMS; C:\Windows\System32\drivers\CORSGMS.sys [25600 2012-03-27] ( ) [File not signed]
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 PORTMON; E:\Downloads\SysinternalsSuite\PORTMSYS.SYS [28656 2014-01-04] (Systems Internals) [File not signed]
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-05-18] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
S3 SaiK1713; C:\Windows\System32\DRIVERS\SaiK1713.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-02-01] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-02-01] (Saitek)
S3 SaiU1713; C:\Windows\System32\DRIVERS\SaiU1713.sys [47168 2012-09-20] (Saitek)
S3 WRfiltv; C:\Windows\System32\drivers\WRfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S4 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 08:45 - 2015-05-29 08:50 - 00000000 ____D () C:\FRST
2015-05-29 08:20 - 2015-05-29 08:26 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-29 08:20 - 2015-05-29 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-29 08:20 - 2015-05-29 08:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-05-29 08:20 - 2012-10-15 09:07 - 00000318 _____ () C:\Users\Derrill\Desktop\Curse Client.appref-ms
2015-05-29 08:17 - 2015-05-29 08:17 - 00002414 _____ () C:\Users\Derrill\Desktop\Rkill.txt
2015-05-29 08:15 - 2015-05-29 08:15 - 00044139 _____ () C:\ComboFix.txt
2015-05-24 15:07 - 2015-05-24 15:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-24 15:07 - 2015-05-24 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-18 21:15 - 2015-05-21 00:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 15:13 - 2015-05-18 15:13 - 00001588 _____ () C:\Users\Derrill\Desktop\ftp scans (DEG-2013OCT21).lnk
2015-05-18 14:24 - 2015-05-18 14:24 - 00000000 ____D () C:\Users\Derrill\AppData\Roaming\FileZilla Server
2015-05-18 14:24 - 2015-05-18 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
2015-05-18 14:24 - 2015-05-18 14:24 - 00000000 ____D () C:\Program Files (x86)\FileZilla Server
2015-05-18 10:34 - 2015-03-13 20:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-18 10:34 - 2015-03-13 20:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-18 10:34 - 2015-03-13 20:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-18 10:34 - 2015-03-13 20:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-13 03:04 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:04 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:40 - 2015-05-04 18:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 19:40 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 19:40 - 2015-04-21 19:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 19:40 - 2015-04-21 18:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 19:40 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 19:40 - 2015-04-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 19:40 - 2015-04-21 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 19:40 - 2015-04-21 09:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 19:40 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 19:40 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 19:40 - 2015-04-21 09:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 19:40 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 19:40 - 2015-04-21 09:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 19:40 - 2015-04-21 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 19:40 - 2015-04-21 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 19:40 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 19:40 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 19:40 - 2015-04-21 09:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 19:40 - 2015-04-21 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 19:40 - 2015-04-21 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 19:40 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 19:40 - 2015-04-21 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 19:40 - 2015-04-21 09:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 19:40 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 19:40 - 2015-04-21 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 19:40 - 2015-04-21 09:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 19:40 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 19:40 - 2015-04-21 09:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 19:40 - 2015-04-21 09:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 19:40 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 19:40 - 2015-04-21 09:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 19:40 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 19:40 - 2015-04-21 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 19:40 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 19:40 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 19:40 - 2015-04-21 09:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 19:40 - 2015-04-21 09:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 19:40 - 2015-04-21 09:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 19:40 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 19:40 - 2015-04-21 08:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 19:40 - 2015-04-21 08:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 19:40 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 19:40 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 19:40 - 2015-04-21 08:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 19:40 - 2015-04-21 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 19:40 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 19:40 - 2015-04-21 08:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 19:40 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 19:40 - 2015-04-21 08:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 19:40 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 19:40 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 19:40 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 19:40 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 19:40 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 19:40 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 19:40 - 2015-04-21 08:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 19:40 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 19:40 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 19:40 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 19:40 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 19:40 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 19:40 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 19:40 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 19:40 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 19:40 - 2015-04-03 20:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 19:40 - 2015-04-03 20:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 19:40 - 2015-04-03 20:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 19:40 - 2015-04-03 20:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 19:40 - 2015-04-03 20:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 19:40 - 2015-04-03 20:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 19:40 - 2015-04-03 20:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 19:40 - 2015-04-03 20:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 19:40 - 2015-04-03 20:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 19:40 - 2015-04-03 20:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 19:40 - 2015-04-03 20:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 19:40 - 2015-04-03 20:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 19:40 - 2015-04-03 20:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 19:40 - 2015-04-03 20:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 19:40 - 2015-04-03 20:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 19:40 - 2015-04-03 20:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 19:40 - 2015-04-03 20:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 19:40 - 2015-04-03 20:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 19:40 - 2015-04-03 20:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 19:40 - 2015-04-03 20:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 19:40 - 2015-04-03 20:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 19:40 - 2015-04-03 20:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 19:40 - 2015-04-03 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 19:40 - 2015-04-03 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 19:40 - 2015-04-03 20:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 19:40 - 2015-04-03 20:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 19:40 - 2015-04-03 20:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 19:40 - 2015-04-03 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 19:40 - 2015-04-03 19:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 19:39 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 19:39 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 19:39 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 19:39 - 2015-04-19 19:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 19:39 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 19:39 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 19:39 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 19:39 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 19:39 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 19:39 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 19:39 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 19:39 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 19:39 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 19:39 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 19:39 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 19:39 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 19:39 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 19:39 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-05 11:25 - 2015-05-05 11:25 - 00000000 ____D () C:\Program Files\Common Files\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 08:48 - 2015-01-29 08:31 - 00000000 ____D () C:\Users\Derrill\AppData\Roaming\Install
2015-05-29 08:37 - 2012-10-19 10:45 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3643886906-2555528348-1857643674-1000UA.job
2015-05-29 08:34 - 2012-10-15 09:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-29 08:26 - 2009-07-13 21:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 08:26 - 2009-07-13 21:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 08:25 - 2012-10-09 13:21 - 02029107 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 08:25 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-29 08:20 - 2014-09-30 12:25 - 00000000 ____D () C:\Users\Derrill\AppData\Local\Box Sync
2015-05-29 08:20 - 2013-07-03 20:11 - 00000000 ____D () C:\Users\Derrill\AppData\Roaming\Dropbox
2015-05-29 08:20 - 2012-10-09 13:46 - 00000000 ____D () C:\Users\Derrill\AppData\Local\Deployment
2015-05-29 08:19 - 2014-02-03 21:14 - 00000000 ____D () C:\Users\Derrill\AppData\Roaming\Raptr
2015-05-29 08:19 - 2012-10-13 13:41 - 00000000 ____D () C:\Users\Derrill\AppData\Roaming\stickies
2015-05-29 08:19 - 2012-10-09 13:46 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-29 08:19 - 2012-10-09 13:46 - 00000000 ____D () C:\Users\Derrill\AppData\Local\Apps\2.0
2015-05-29 08:19 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 08:19 - 2009-07-13 21:51 - 00098586 _____ () C:\Windows\setupact.log
2015-05-29 08:18 - 2015-01-29 08:24 - 00000000 ____D () C:\AdwCleaner
2015-05-29 08:15 - 2015-01-29 09:08 - 00000000 ____D () C:\Qoobox
2015-05-29 08:15 - 2012-10-09 13:46 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-29 08:14 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-29 08:13 - 2010-11-20 20:47 - 00273792 _____ () C:\Windows\PFRO.log
2015-05-29 08:12 - 2012-10-09 13:21 - 00000000 ____D () C:\Users\Derrill
2015-05-28 20:37 - 2012-10-19 10:45 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3643886906-2555528348-1857643674-1000Core.job
2015-05-26 10:44 - 2014-06-27 17:38 - 00000000 ____D () C:\Users\Derrill\AppData\Local\Adobe
2015-05-26 10:43 - 2012-10-15 09:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-26 10:43 - 2012-10-15 09:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-26 10:43 - 2012-10-15 09:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-26 10:40 - 2012-10-13 13:55 - 00000000 ____D () C:\Users\Derrill\Desktop\Unused Desktop Icons
2015-05-26 10:38 - 2014-02-03 21:08 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-05-26 09:00 - 2012-10-09 13:59 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-24 15:07 - 2014-09-19 20:47 - 00002128 _____ () C:\Users\Derrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-24 15:07 - 2014-09-19 20:47 - 00000000 ___RD () C:\Users\Derrill\OneDrive
2015-05-24 15:07 - 2012-12-09 18:32 - 00000000 ____D () C:\ProgramData\Skype
2015-05-24 15:06 - 2012-10-18 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2015-05-24 15:05 - 2013-08-25 12:03 - 00000000 ____D () C:\Users\Derrill\AppData\Local\Battle.net
2015-05-24 14:44 - 2013-08-25 12:03 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-24 00:38 - 2014-09-19 20:47 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-21 11:54 - 2015-02-03 00:43 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-20 09:00 - 2014-06-06 17:30 - 00003842 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1397456529
2015-05-19 12:08 - 2014-09-30 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2015-05-18 10:44 - 2014-06-19 19:35 - 00000000 ____D () C:\Users\Derrill\AppData\Roaming\GlarySoft
2015-05-18 10:41 - 2014-06-19 19:35 - 00000000 ____D () C:\Users\Derrill\AppData\Roaming\DiskDefrag
2015-05-18 10:41 - 2012-10-09 13:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-18 10:34 - 2015-04-14 21:16 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-18 10:34 - 2015-04-14 21:16 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-15 15:10 - 2012-10-09 13:46 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 15:10 - 2012-10-09 13:46 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 22:52 - 2012-10-19 11:31 - 00000000 ____D () C:\Users\Derrill\AppData\Roaming\PFrank
2015-05-14 20:32 - 2012-10-19 10:45 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3643886906-2555528348-1857643674-1000UA
2015-05-14 20:32 - 2012-10-19 10:45 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3643886906-2555528348-1857643674-1000Core
2015-05-14 11:25 - 2014-07-18 19:12 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-05-14 11:25 - 2014-07-18 19:12 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-05-14 11:25 - 2014-07-18 19:12 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-05-13 07:09 - 2012-10-09 13:58 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-13 03:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 03:32 - 2014-12-12 00:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 03:32 - 2014-12-12 00:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:32 - 2009-07-13 21:45 - 00436544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 03:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 03:15 - 2012-10-09 14:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 03:14 - 2012-12-20 12:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-13 03:14 - 2012-10-09 13:55 - 00002154 _____ () C:\Windows\epplauncher.mif
2015-05-13 03:14 - 2012-10-09 13:53 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 03:14 - 2012-10-09 13:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 03:14 - 2012-10-09 13:52 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 03:12 - 2013-07-13 17:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:06 - 2012-10-10 17:05 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:06 - 2009-07-13 19:34 - 00000514 _____ () C:\Windows\win.ini
2015-05-13 03:03 - 2014-12-12 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-08 16:38 - 2013-07-03 20:12 - 00000000 ____D () C:\Users\Derrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-07 16:50 - 2012-12-23 18:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-01 09:29 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-30 19:10 - 2012-10-09 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-04-29 09:25 - 2015-04-06 11:12 - 00000000 ____D () C:\Users\Derrill\Desktop\NEW TRAININGS

==================== Files in the root of some directories =======

2015-01-29 05:06 - 2015-01-29 05:06 - 0035840 _____ () C:\Users\Derrill\AppData\Roaming\gladiator[extended.edition]-aXXo.nfo
2015-01-29 05:07 - 2015-01-29 05:07 - 0165888 _____ () C:\Users\Derrill\AppData\Roaming\Read Me.txt

Some files in TEMP:
====================
C:\Users\Derrill\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbvyux4.dll
C:\Users\Derrill\AppData\Local\Temp\Quarantine.exe
C:\Users\Derrill\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 00:36

==================== End of log ============================

Attached Files


Edited by derrill, 29 May 2015 - 11:17 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:54 PM

Posted 31 May 2015 - 08:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:


HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3643886906-2555528348-1857643674-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Box) - C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2012-11-02]
CHR HKU\S-1-5-21-3643886906-2555528348-1857643674-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S4 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Derrill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl
AlternateDataStreams: C:\ProgramData\TEMP:B0D4D817

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 derrill

derrill
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:54 PM

Posted 03 June 2015 - 11:47 AM

Thank you. Apologies for the belated response. I have been under the weather.
 
The computer is running about the same as it was before - it was running fine before. The bank's website team reported that I had the problem; I had no other issues to speak of. I have one issue I'd like to figure out sometime which I will mention now only in case it matters: When I try to drag a file or shortcut from my desktop or a folder to another location, it does not immediately grab it. If I wait a moment, the icon shows up and it behaves correctly.

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:54 PM

Posted 03 June 2015 - 01:25 PM

Google this string drag and drop very slow you will find many suggestions.

===

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

If still no joy the continue.

There could be some remnant items.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.
<<<>>>

Keep me posted.

#5 derrill

derrill
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:54 PM

Posted 05 June 2015 - 02:55 PM

Huh. Last known good fixed the drag and drop slowdown.

 

The two found pups in the eset log are from an archive of an old computer (I forgot I had that old copy of my google drive, or there would be just the one).

Attached Files

  • Attached File  eset.txt   484bytes   1 downloads


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:54 PM

Posted 06 June 2015 - 06:51 AM

Delete them if you do not need it.


If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:54 PM

Posted 12 June 2015 - 07:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users