
Infected with Trojan.Agent.AI and potentially PUP.Optional.ConduitTB.Gen


This topic is locked
13 replies to this topic

#1 Han2013


Posted 11 June 2015 - 04:09 PM

Hi there,


So my credit card has been compromised twice in the past 6 months and I assumed I had a keylogger which I was sure I got rid of. The first time it happened was last year in October and then again a couple of weeks ago and I've since not done any online shopping or banking.

Earlier today, my computer shut down on its own while I wasn't using it and I found it odd since I'd just done an update to Windows yesterday so there shouldn't have been a reason for it. When it restarted I checked Malwarebytes (I have premium) and found the Trojan quarantined. I also have kept the PUP in quarantine and that was attempted twice in two different locations at the same time.

I'm very careful with the sites I go to and know enough not to click on links in emails. I always clear my history so I'm not sure what I'm doing wrong or if in fact I've gotten rid of these. When it originally happened, I came here and found someone that recently had the same issue so I followed the steps. I ran MBAB, CCleaner, Adware, Junkware and CCleaner and MBAB again.


I have Microsoft Security Essentials. I'm not sure what I'm doing wrong but I have to believe I may still have a keylogger for my card to be compromised twice in less than 6 months. Please let me know what I'm missing.


Thanks!


When I run Adware cleaner, last week and today I get this: 


[C:\Users\lamaral\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}


the ask.com keeps coming up even though I never agree to add additional toolbars, etc.


Here's the Farbar Scan Result:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015

Ran by lamaral (administrator) on LAMARAL-PC on 11-06-2015 16:44:35
Running from C:\Users\lamaral\Desktop\June Scan
Loaded Profiles: lamaral (Available Profiles: lamaral)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother BPRSP.lnk [2015-04-27]
ShortcutTarget: Brother BPRSP.lnk -> C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe (Flexera Software LLC)
BootExecute: autocheck autochk /r \??\I:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gfe_rd=cr&ei=BHffVK3CMqXz8wfR3IDABQ&gws_rd=ssl
HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKLM-x32 -> {30F7B3B5-D37A-43F5-A761-32481072F802} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3129066892-2352473795-3419008345-1000 -> {1F04E225-0582-4E94-9A08-B7E594BF4859} URL = 
SearchScopes: HKU\S-1-5-21-3129066892-2352473795-3419008345-1000 -> {30F7B3B5-D37A-43F5-A761-32481072F802} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/MY/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {E68C89AA-554F-43F3-8D5E-9B36D873081B} http://www.rogershelp.com/ocf/prjOCFTools.CAB
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remoteaccess.nokia.com/dana-cached/sc/JuniperSetupClient.cab
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: rogers.com/firehorn -> C:\Program Files (x86)\Rogers\Rogers One Number\npRogersOneNumber64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2009-07-21] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-04-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3129066892-2352473795-3419008345-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\lamaral\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2015-04-30] (Zoom Video Communications, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-01-24]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-01-24]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2015-02-27]
FF HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\lamaral\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\lamaral\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\lamaral\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S4 DvmMDES; C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-02-08] (DeviceVM, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [473088 2015-01-13] (Livescribe) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [67072 2009-07-13] (Microsoft Corporation)
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-29] (DeviceVM, Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-10-27] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-16] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-11 16:14 - 2015-06-11 16:14 - 00001064 _____ C:\Users\lamaral\Desktop\JRT.txt
2015-06-11 15:59 - 2015-06-11 16:44 - 00000000 ____D C:\Users\lamaral\Desktop\June Scan
2015-06-10 09:18 - 2015-05-08 23:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-10 09:18 - 2015-05-08 23:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-10 09:18 - 2015-05-08 23:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-10 09:18 - 2015-05-08 23:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-10 09:18 - 2015-05-08 23:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-10 09:18 - 2015-05-08 23:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-10 09:18 - 2015-05-08 23:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-10 09:18 - 2015-05-08 23:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-10 09:18 - 2015-05-08 23:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-10 09:18 - 2015-05-08 23:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-10 09:18 - 2015-05-08 23:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-10 09:18 - 2015-05-08 23:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-10 09:18 - 2015-05-08 23:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-10 09:18 - 2015-05-08 23:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-10 09:18 - 2015-05-08 23:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-10 09:18 - 2015-05-08 23:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-10 09:06 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 09:06 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 09:06 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 09:06 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 09:06 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 09:06 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 09:06 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 09:06 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 09:06 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 09:06 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 09:06 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 09:06 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 09:06 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 09:06 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 09:06 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 09:06 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 09:06 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 09:06 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 09:06 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 09:06 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 09:06 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 09:06 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 09:06 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 09:06 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 09:06 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 09:06 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 09:06 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 09:06 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 09:06 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 09:06 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 09:06 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 09:06 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 09:06 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 09:06 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 09:06 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 09:06 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 09:06 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 09:06 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 09:06 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:06 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:06 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 09:06 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 09:06 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 09:06 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 09:06 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 09:06 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 09:06 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 09:06 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 09:06 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 09:06 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 09:06 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 09:05 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:05 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 09:05 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 09:05 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 09:05 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 09:05 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 09:05 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 09:05 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 09:05 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 09:05 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 09:05 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 09:05 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 09:05 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 09:05 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 09:05 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 09:05 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 09:05 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:05 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:05 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:05 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:05 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:05 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:05 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:05 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 09:05 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 09:04 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:04 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 09:04 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 09:04 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 09:04 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 09:04 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 09:04 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 09:04 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 09:04 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 09:04 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 09:04 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 09:04 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 09:04 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 09:04 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 09:04 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 09:04 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:04 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:04 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:04 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:04 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:04 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:04 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:04 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:04 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:04 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:04 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:04 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:04 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:04 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:04 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:04 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:04 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:04 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:04 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:04 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:04 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:04 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:04 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 14:28 - 2015-06-09 14:28 - 00002759 _____ C:\Users\lamaral\Desktop\AdwCleaner[R16].txt
2015-06-09 14:12 - 2015-06-09 14:12 - 02231296 _____ C:\Users\lamaral\Desktop\adwcleaner_4.206 (5).exe
2015-06-09 14:07 - 2015-06-09 14:12 - 02231296 _____ C:\Users\lamaral\Desktop\adwcleaner_4.206.exe
2015-06-05 11:29 - 2015-06-05 11:29 - 00000000 ____D C:\Users\lamaral\AppData\Local\GWX
2015-06-05 11:11 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 11:11 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 11:11 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 11:11 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 11:11 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 11:11 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 11:11 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 11:11 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-04 13:09 - 2015-06-10 12:55 - 00000000 ____D C:\Users\lamaral\Desktop\Jason's condo
2015-06-04 13:03 - 2015-06-04 13:03 - 13714792 _____ C:\Users\lamaral\Desktop\untitled folder.zip
2015-05-31 13:34 - 2015-06-11 15:32 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3129066892-2352473795-3419008345-1000.job
2015-05-31 13:34 - 2015-05-31 13:34 - 00003704 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3129066892-2352473795-3419008345-1000
2015-05-30 16:10 - 2015-05-30 16:10 - 00007882 _____ C:\Users\lamaral\Desktop\startup.txt
2015-05-30 15:26 - 2015-05-30 15:26 - 02947635 _____ (Thisisu) C:\Users\lamaral\Downloads\JRT (1).exe
2015-05-30 15:18 - 2015-05-30 15:18 - 02947635 _____ (Thisisu) C:\Users\lamaral\Downloads\JRT.exe
2015-05-30 15:18 - 2015-05-30 15:18 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LAMARAL-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-30 15:18 - 2015-05-30 15:18 - 00000000 ____D C:\RegBackup
2015-05-30 15:02 - 2015-05-30 15:02 - 02223104 _____ C:\Users\lamaral\Downloads\AdwCleaner.exe
2015-05-27 09:08 - 2015-05-27 09:09 - 06549184 _____ (Piriform Ltd) C:\Users\lamaral\Downloads\ccsetup506.exe
2015-05-20 13:30 - 2015-05-20 13:30 - 00000700 _____ C:\Users\lamaral\Downloads\webinar-alert-krXK0ETPeRTDmt8.ics
2015-05-18 11:55 - 2015-05-29 14:53 - 00000000 ____D C:\Users\lamaral\Documents\FITNESS
2015-05-17 19:39 - 2015-05-17 19:39 - 00000698 _____ C:\Users\lamaral\Downloads\webinar-alert-vP3iUis9Ckbyl04.ics
2015-05-17 13:19 - 2015-05-17 13:19 - 02107392 _____ (Farbar) C:\Users\lamaral\Downloads\FRST64 (1).exe
2015-05-17 12:53 - 2015-05-17 12:53 - 02209792 _____ C:\Users\lamaral\Downloads\adwcleaner_4.204.exe
2015-05-17 12:05 - 2015-06-11 16:05 - 00000000 ____D C:\Users\lamaral\Desktop\May Scan
2015-05-17 00:16 - 2015-05-17 00:16 - 00033105 _____ C:\ComboFix.txt
2015-05-16 22:23 - 2015-05-16 22:23 - 05623645 ____R (Swearware) C:\Users\lamaral\Downloads\ComboFix.exe
2015-05-16 21:44 - 2015-05-17 13:28 - 00062200 _____ C:\Users\lamaral\Downloads\Addition.txt
2015-05-16 21:42 - 2015-05-17 13:28 - 00069996 _____ C:\Users\lamaral\Downloads\FRST.txt
2015-05-16 21:41 - 2015-05-16 21:41 - 02107392 _____ (Farbar) C:\Users\lamaral\Downloads\FRST64.exe
2015-05-13 05:12 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 05:12 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 02:36 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 02:36 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 02:36 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 02:34 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 02:34 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 02:34 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 02:33 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 02:33 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 02:33 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 02:33 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 02:33 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 02:33 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 02:33 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 02:33 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 02:33 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 02:33 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 02:33 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-11 16:46 - 2010-12-05 16:20 - 00000000 ____D C:\Users\lamaral\Documents\Outlook Files
2015-06-11 16:44 - 2015-03-04 13:08 - 00000000 ____D C:\FRST
2015-06-11 16:18 - 2015-02-19 14:57 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3129066892-2352473795-3419008345-1000.job
2015-06-11 16:04 - 2014-01-02 21:01 - 00000000 ____D C:\AdwCleaner
2015-06-11 16:03 - 2014-11-09 23:25 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{84914A88-041B-4837-934C-5C3B2717FB1E}
2015-06-11 16:02 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-11 16:02 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-11 15:59 - 2010-06-26 05:45 - 01997597 ____N C:\Windows\WindowsUpdate.log
2015-06-11 15:55 - 2014-11-23 19:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-11 15:53 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-10 13:47 - 2009-07-14 01:13 - 00882928 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 13:41 - 2009-07-14 00:45 - 05180888 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 13:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 10:13 - 2010-03-01 16:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 09:57 - 2013-07-15 05:25 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 09:32 - 2011-03-21 07:08 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 12:19 - 2015-04-27 11:19 - 00023497 _____ C:\Windows\BRRBCOM.INI
2015-06-09 10:54 - 2015-03-09 09:26 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 10:49 - 2014-12-21 09:00 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForlamaral
2015-06-09 10:49 - 2014-12-21 09:00 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForlamaral.job
2015-06-08 11:40 - 2011-06-01 06:30 - 00000000 ____D C:\Users\lamaral\Documents\Job Search
2015-06-06 19:19 - 2011-06-01 06:33 - 00000000 ____D C:\Users\lamaral\Documents\RECIPES
2015-06-05 11:25 - 2014-12-11 11:00 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-05 11:25 - 2014-05-06 06:57 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-04 13:42 - 2011-12-18 08:23 - 00000000 ____D C:\Users\lamaral\AppData\Local\Corel
2015-06-04 13:31 - 2011-12-18 08:22 - 00000000 ____D C:\Users\lamaral\Documents\My PSP Files
2015-06-04 13:17 - 2013-04-21 14:02 - 00001456 _____ C:\Users\lamaral\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-06-04 10:55 - 2014-11-09 22:46 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-01 08:36 - 2013-03-21 06:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 08:36 - 2011-07-26 16:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 08:36 - 2011-07-26 16:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 08:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Web
2015-05-31 13:34 - 2015-02-19 14:57 - 00003608 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3129066892-2352473795-3419008345-1000
2015-05-31 07:26 - 2010-12-10 20:55 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-05-30 16:20 - 2014-11-14 08:31 - 00003618 _____ C:\Windows\System32\Tasks\Java™ Platform SE 6 U17
2015-05-30 16:17 - 2015-01-09 18:50 - 00003290 _____ C:\Windows\System32\Tasks\{5D486F7C-047C-43F5-8E1A-EC940B085383}
2015-05-30 16:17 - 2014-11-14 08:30 - 00003740 _____ C:\Windows\System32\Tasks\DivX Update
2015-05-30 16:17 - 2012-10-17 18:22 - 00003308 _____ C:\Windows\System32\Tasks\{2F025FC2-AB3D-4B57-8D63-6F2F6FE843E7}
2015-05-30 16:17 - 2011-06-11 10:32 - 00003296 _____ C:\Windows\System32\Tasks\{788CA6EF-89FE-4148-AC99-9D55A0E11D46}
2015-05-30 16:15 - 2013-03-21 06:22 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-30 16:15 - 2011-07-26 16:54 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-30 16:15 - 2011-07-26 16:54 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-30 14:59 - 2011-04-12 14:07 - 00000000 ____D C:\Users\lamaral\AppData\Local\CrashDumps
2015-05-30 14:58 - 2015-01-25 10:50 - 00000000 ____D C:\Users\lamaral\AppData\Roaming\vlc
2015-05-27 17:24 - 2015-04-29 07:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-27 09:10 - 2014-11-09 22:46 - 00000832 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-05-27 09:10 - 2014-11-09 22:46 - 00000000 ____D C:\Program Files\CCleaner
2015-05-21 08:53 - 2015-04-04 08:46 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 08:53 - 2015-04-04 08:46 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-18 13:27 - 2011-06-01 06:33 - 00000000 ____D C:\Users\lamaral\Documents\PERSONAL
2015-05-18 08:33 - 2014-09-26 12:24 - 00001983 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-05-17 00:17 - 2014-11-16 03:05 - 00000000 ____D C:\Qoobox
2015-05-16 22:51 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2015-05-15 18:35 - 2011-12-07 13:40 - 00000000 ____D C:\Windows\Minidump
2015-05-13 06:12 - 2013-03-14 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 06:12 - 2013-03-14 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 05:47 - 2012-05-03 09:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-13 05:47 - 2011-03-19 07:28 - 00002127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 05:47 - 2011-03-19 07:28 - 00001945 _____ C:\Windows\epplauncher.mif
2015-05-13 05:47 - 2011-03-19 07:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-13 05:11 - 2013-03-14 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 17:03 - 2014-11-16 02:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 
==================== Files in the root of some directories =======
 
2011-01-23 16:56 - 2011-06-19 14:55 - 0001854 _____ () C:\Users\lamaral\AppData\Roaming\GhostObjGAFix.xml
2012-02-19 13:23 - 2012-03-15 07:13 - 0000268 ___RH () C:\Users\lamaral\AppData\Roaming\Phaser
2012-03-15 07:14 - 2012-03-15 07:14 - 0000268 ___RH () C:\Users\lamaral\AppData\Roaming\Piano
2012-02-19 13:23 - 2012-03-15 07:13 - 0000268 ___RH () C:\Users\lamaral\AppData\Roaming\Piano Hard
2013-12-30 02:44 - 2013-12-30 02:44 - 0000000 _____ () C:\Users\lamaral\AppData\Roaming\SharedSettings.ccs
2013-04-21 14:02 - 2015-06-04 13:17 - 0001456 _____ () C:\Users\lamaral\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-12-18 08:26 - 2015-03-01 14:49 - 0007680 _____ () C:\Users\lamaral\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-30 02:52 - 2013-12-30 02:52 - 0067992 _____ () C:\Users\lamaral\AppData\Local\eklmhonx
2013-12-30 02:53 - 2013-12-30 02:53 - 0012326 _____ () C:\Users\lamaral\AppData\Local\fafrdeaq
2012-04-27 09:12 - 2012-04-27 09:12 - 0004096 ____H () C:\Users\lamaral\AppData\Local\keyfile3.drm
2013-12-30 02:45 - 2013-12-30 02:45 - 0067992 _____ () C:\Users\lamaral\AppData\Local\mkoatkud
2012-11-05 14:35 - 2014-09-26 11:35 - 0001699 _____ () C:\Users\lamaral\AppData\Local\rogerscookie
2012-03-15 07:13 - 2012-03-15 07:13 - 0000268 ___RH () C:\ProgramData\Pianos and Keyboards
2012-03-15 07:14 - 2012-03-15 07:14 - 0000268 ___RH () C:\ProgramData\Pick Bass
2012-03-15 07:13 - 2012-03-15 07:13 - 0000268 ___RH () C:\ProgramData\Pipe Organ
2012-02-19 13:23 - 2012-03-15 07:14 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-02-19 13:23 - 2012-08-30 16:32 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-02-19 13:23 - 2012-08-30 16:32 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2010-06-26 06:04 - 2010-06-26 06:04 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-03-01 18:20 - 2010-03-01 18:21 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-06-26 06:04 - 2010-06-26 06:04 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-03-01 18:16 - 2010-03-01 18:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-06-26 06:03 - 2010-06-26 06:03 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-06-26 06:04 - 2010-06-26 06:04 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-03-01 18:16 - 2010-03-01 18:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-03-01 18:17 - 2010-03-01 18:20 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-06-26 06:04 - 2010-06-26 06:05 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
Files to move or delete:
====================
C:\Users\lamaral\acrobat.exe
C:\Users\lamaral\acrobat125564.exe
C:\Users\lamaral\acrobatreader.exe
C:\Users\lamaral\acrobatreader952287.exe
C:\Users\lamaral\alg416370.exe
C:\Users\lamaral\alg576985.exe
C:\Users\lamaral\chrome848685.exe
C:\Users\lamaral\conhost535713.exe
C:\Users\lamaral\conhost985179.exe
C:\Users\lamaral\csrss119661.exe
C:\Users\lamaral\csrss47418.exe
C:\Users\lamaral\csrss978718.exe
C:\Users\lamaral\ctfmon110654.exe
C:\Users\lamaral\ctfmon402048.exe
C:\Users\lamaral\flashplayer.exe
C:\Users\lamaral\googleupdate.exe
C:\Users\lamaral\googleupdate948028.exe
C:\Users\lamaral\icq.exe
C:\Users\lamaral\java307822.exe
C:\Users\lamaral\java540503.exe
C:\Users\lamaral\java642097.exe
C:\Users\lamaral\msconfig19739.exe
C:\Users\lamaral\msconfig576784.exe
C:\Users\lamaral\mstsc.exe
C:\Users\lamaral\notepad371625.exe
C:\Users\lamaral\notepad600065.exe
C:\Users\lamaral\opera721828.exe
C:\Users\lamaral\skype669323.exe
C:\Users\lamaral\skype864824.exe
C:\Users\lamaral\teamviewer433856.exe
C:\Users\lamaral\vlcplayer.exe
C:\Users\lamaral\winlogon545666.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-05 10:19
 
==================== End of log ============================
 
-------------------------------------------------------------------------------------------------------------------------------------------
Here's the MBAB Scan Result:
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/11/15
Scan Time: 11:10:53 AM
Logfile: Malware scan with Trojan.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.11.03
Rootkit Database: v2015.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lamaral
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415781
Time Elapsed: 50 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Agent.AI, C:\Users\lamaral\AppData\Local\Temp\Quarantine.exe, Quarantined, [86e9bffa9dedee4896282548c43e1be5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

----------------------------------------------------------------------

 

And MBAB after:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/11/15
Scan Time: 1:59:34 PM
Logfile: Malware scan.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.11.04
Rootkit Database: v2015.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lamaral
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415775
Time Elapsed: 52 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

-------------------------------------------------------------

Here's the Junkware removal result: 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 7 Home Premium x64
Ran by lamaral on 06/11/15 at 16:05:55.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\lamaral\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\lamaral\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\lamaral\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\lamaral\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/11/15 at 16:14:35.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
#2 shelf life
  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 14 June 2015 - 12:09 PM

hi Han2013,

 

We will use FRST first to remove some items. I am usually only on this site once or twice per day, so you may not get a response back from me until the following day.

 

Copy/paste what's below between the two lines into Notepad. Save it as fixlist.txt in the same location you have FRST (your desktop).

Start FRST like you did before, except this time click the Fix button once. The machine may reboot to finish. When all done, on your desktop you will find a .txt file called Fixlog.txt. Please copy/paste this in your reply.

 

--------------------------------------------------------------

 

HKLM-x32\...\Run: [] => [X]

HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKLM-x32 -> {30F7B3B5-D37A-43F5-A761-32481072F802} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3129066892-2352473795-3419008345-1000 -> {1F04E225-0582-4E94-9A08-B7E594BF4859} URL = 
SearchScopes: HKU\S-1-5-21-3129066892-2352473795-3419008345-1000 -> {30F7B3B5-D37A-43F5-A761-32481072F802} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} -  No File

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

2011-12-18 08:26 - 2015-03-01 14:49 - 0007680 _____ () C:\Users\lamaral\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-30 02:52 - 2013-12-30 02:52 - 0067992 _____ () C:\Users\lamaral\AppData\Local\eklmhonx
2013-12-30 02:53 - 2013-12-30 02:53 - 0012326 _____ () C:\Users\lamaral\AppData\Local\fafrdeaq
2012-04-27 09:12 - 2012-04-27 09:12 - 0004096 ____H () C:\Users\lamaral\AppData\Local\keyfile3.drm
2013-12-30 02:45 - 2013-12-30 02:45 - 0067992 _____ () C:\Users\lamaral\AppData\Local\mkoatkud
2012-11-05 14:35 - 2014-09-26 11:35 - 0001699 _____ () C:\Users\lamaral\AppData\Local\rogerscookie
C:\Users\lamaral\acrobat.exe
C:\Users\lamaral\acrobat125564.exe
C:\Users\lamaral\acrobatreader.exe
C:\Users\lamaral\acrobatreader952287.exe
C:\Users\lamaral\alg416370.exe
C:\Users\lamaral\alg576985.exe
C:\Users\lamaral\chrome848685.exe
C:\Users\lamaral\conhost535713.exe
C:\Users\lamaral\conhost985179.exe
C:\Users\lamaral\csrss119661.exe
C:\Users\lamaral\csrss47418.exe
C:\Users\lamaral\csrss978718.exe
C:\Users\lamaral\ctfmon110654.exe
C:\Users\lamaral\ctfmon402048.exe
C:\Users\lamaral\flashplayer.exe
C:\Users\lamaral\googleupdate.exe
C:\Users\lamaral\googleupdate948028.exe
C:\Users\lamaral\icq.exe
C:\Users\lamaral\java307822.exe
C:\Users\lamaral\java540503.exe
C:\Users\lamaral\java642097.exe
C:\Users\lamaral\msconfig19739.exe
C:\Users\lamaral\msconfig576784.exe
C:\Users\lamaral\mstsc.exe
C:\Users\lamaral\notepad371625.exe
C:\Users\lamaral\notepad600065.exe
C:\Users\lamaral\opera721828.exe
C:\Users\lamaral\skype669323.exe
C:\Users\lamaral\skype864824.exe
C:\Users\lamaral\teamviewer433856.exe
C:\Users\lamaral\vlcplayer.exe
C:\Users\lamaral\winlogon545666.exe
EmptyTemp:
 
-------------------------------------------------------------------------

 


How Can I Reduce My Risk to Malware?
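As an added example (not code from the thread, from FRST or from Malwarebytes), the script below parses the "Files to move or delete" section of an FRST log like the one posted above and flags executables that borrow Windows system or application names while living in the user profile root, which is the pattern behind the file entries in the fixlist. The name lists and the sample log excerpt are constructed for this example and are not exhaustive.

```python
"""Flag masquerading executables in an FRST "Files to move or delete" list."""
import re
from pathlib import PureWindowsPath

# Windows binaries that often get imitated; the genuine copies live under
# C:\Windows. This list is illustrative, not exhaustive (assumption).
SYSTEM_BINARIES = {"alg", "conhost", "csrss", "ctfmon", "explorer", "msconfig",
                   "mstsc", "notepad", "svchost", "wininit", "winlogon"}
WINDOWS_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows")

# Popular applications whose names are borrowed to look harmless (assumption).
APP_NAMES = {"acrobat", "acrobatreader", "chrome", "flashplayer", "googleupdate",
             "icq", "java", "opera", "skype", "teamviewer", "vlcplayer"}

# Reasons reported by classify(); kept as constants so callers can compare.
R_SYSTEM_OUTSIDE = "system binary name outside C:\\Windows"
R_APP_IN_PROFILE = "application name dropped in the profile root"
R_NUMERIC_SUFFIX = "known name padded with a numeric suffix"

# "csrss119661.exe" -> stem "csrss", digits "119661"; "mstsc.exe" -> digits "".
EXE_RE = re.compile(r"^([a-z]+?)(\d*)\.exe$", re.I)
# Matches a bare profile root such as C:\Users\lamaral (no deeper folder).
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+$", re.I)


def parse_move_list(log_text):
    """Return the paths listed under FRST's 'Files to move or delete:' header."""
    paths, collecting = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("files to move or delete"):
            collecting = True
            continue
        if not collecting or line.startswith("="):
            continue            # skip everything before the header and the ==== rule
        if not line:
            break               # a blank line ends the section
        paths.append(line)
    return paths


def classify(path):
    """Return the list of reasons a path looks like a masquerading executable."""
    p = PureWindowsPath(path)
    m = EXE_RE.match(p.name)
    if not m:
        return []
    stem, digits = m.group(1).lower(), m.group(2)
    parent = str(p.parent).lower()
    reasons = []
    if stem in SYSTEM_BINARIES and not parent.startswith(WINDOWS_DIRS):
        reasons.append(R_SYSTEM_OUTSIDE)
    if stem in APP_NAMES and PROFILE_ROOT_RE.match(parent):
        reasons.append(R_APP_IN_PROFILE)
    if digits and (stem in SYSTEM_BINARIES or stem in APP_NAMES):
        reasons.append(R_NUMERIC_SUFFIX)
    return reasons


def flag_suspicious(paths):
    """Map each suspicious path to its reasons; clean paths are left out."""
    flagged = {}
    for path in paths:
        reasons = classify(path)
        if reasons:
            flagged[path] = reasons
    return flagged


# Constructed excerpt in the shape of the FRST log above; the last path is a
# genuine system binary added as a control and is not from the fixlist.
SAMPLE_LOG = r"""Files to move or delete:
====================
C:\Users\lamaral\acrobat.exe
C:\Users\lamaral\csrss119661.exe
C:\Users\lamaral\winlogon545666.exe
C:\Users\lamaral\mstsc.exe
C:\Windows\System32\winlogon.exe

==================== Bamital & volsnap Check =================
"""

if __name__ == "__main__":
    for path, reasons in flag_suspicious(parse_move_list(SAMPLE_LOG)).items():
        print(f"{path}: {'; '.join(reasons)}")
```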


#3 Han2013
  • Topic Starter
  • Members
  • 64 posts
  • Gender:Female

Posted 14 June 2015 - 12:59 PM

Hi Shelf Life,

 

Thanks very much for your reply. No worries...I appreciate your help. Everything, but especially Chrome, has been running painfully slow, which I didn't mention earlier. I'm getting a lot of buffering when watching YouTube or streaming music and lagging for pages to load, etc. I deleted a version of Java that I didn't install yesterday and am never sure who to listen to about what version is the best to keep without updates, as I know it can cause issues. Hopefully I did the right thing. I'd just like to avoid having my personal info hacked again and have to assume I've done something to cause it.

 

If there is something you saw in the logs that I've sent that I've done unknowingly that caused all this, please let me know so I can avoid doing it again.

 

Thanks in advance for your time and help. I'll wait for following instructions.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015

Ran by lamaral at 2015-06-14 13:39:35 Run:1
Running from C:\Users\lamaral\Desktop\June Scan
Loaded Profiles: lamaral (Available Profiles: lamaral)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKLM-x32 -> {30F7B3B5-D37A-43F5-A761-32481072F802} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3129066892-2352473795-3419008345-1000 -> {1F04E225-0582-4E94-9A08-B7E594BF4859} URL = 
SearchScopes: HKU\S-1-5-21-3129066892-2352473795-3419008345-1000 -> {30F7B3B5-D37A-43F5-A761-32481072F802} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2011-12-18 08:26 - 2015-03-01 14:49 - 0007680 _____ () C:\Users\lamaral\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-30 02:52 - 2013-12-30 02:52 - 0067992 _____ () C:\Users\lamaral\AppData\Local\eklmhonx
2013-12-30 02:53 - 2013-12-30 02:53 - 0012326 _____ () C:\Users\lamaral\AppData\Local\fafrdeaq
2012-04-27 09:12 - 2012-04-27 09:12 - 0004096 ____H () C:\Users\lamaral\AppData\Local\keyfile3.drm
2013-12-30 02:45 - 2013-12-30 02:45 - 0067992 _____ () C:\Users\lamaral\AppData\Local\mkoatkud
2012-11-05 14:35 - 2014-09-26 11:35 - 0001699 _____ () C:\Users\lamaral\AppData\Local\rogerscookie
C:\Users\lamaral\acrobat.exe
C:\Users\lamaral\acrobat125564.exe
C:\Users\lamaral\acrobatreader.exe
C:\Users\lamaral\acrobatreader952287.exe
C:\Users\lamaral\alg416370.exe
C:\Users\lamaral\alg576985.exe
C:\Users\lamaral\chrome848685.exe
C:\Users\lamaral\conhost535713.exe
C:\Users\lamaral\conhost985179.exe
C:\Users\lamaral\csrss119661.exe
C:\Users\lamaral\csrss47418.exe
C:\Users\lamaral\csrss978718.exe
C:\Users\lamaral\ctfmon110654.exe
C:\Users\lamaral\ctfmon402048.exe
C:\Users\lamaral\flashplayer.exe
C:\Users\lamaral\googleupdate.exe
C:\Users\lamaral\googleupdate948028.exe
C:\Users\lamaral\icq.exe
C:\Users\lamaral\java307822.exe
C:\Users\lamaral\java540503.exe
C:\Users\lamaral\java642097.exe
C:\Users\lamaral\msconfig19739.exe
C:\Users\lamaral\msconfig576784.exe
C:\Users\lamaral\mstsc.exe
C:\Users\lamaral\notepad371625.exe
C:\Users\lamaral\notepad600065.exe
C:\Users\lamaral\opera721828.exe
C:\Users\lamaral\skype669323.exe
C:\Users\lamaral\skype864824.exe
C:\Users\lamaral\teamviewer433856.exe
C:\Users\lamaral\vlcplayer.exe
C:\Users\lamaral\winlogon545666.exe
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => key removed successfully
HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{30F7B3B5-D37A-43F5-A761-32481072F802}" => key removed successfully
HKCR\Wow6432Node\CLSID\{30F7B3B5-D37A-43F5-A761-32481072F802} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F04E225-0582-4E94-9A08-B7E594BF4859}" => key removed successfully
HKCR\CLSID\{1F04E225-0582-4E94-9A08-B7E594BF4859} => key not found. 
"HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F7B3B5-D37A-43F5-A761-32481072F802}" => key removed successfully
HKCR\CLSID\{30F7B3B5-D37A-43F5-A761-32481072F802} => key not found. 
"HKU\S-1-5-21-3129066892-2352473795-3419008345-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{347879C9-A947-40AE-9DD3-81E6EE8BBB43}" => key removed successfully
HKCR\CLSID\{347879C9-A947-40AE-9DD3-81E6EE8BBB43} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
"HKCR\PROTOCOLS\Handler\intu-tt2011" => key removed successfully
HKCR\CLSID\{B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} => key not found. 
catchme => Service removed successfully
C:\Users\lamaral\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
C:\Users\lamaral\AppData\Local\eklmhonx => moved successfully.
C:\Users\lamaral\AppData\Local\fafrdeaq => moved successfully.
C:\Users\lamaral\AppData\Local\keyfile3.drm => moved successfully.
C:\Users\lamaral\AppData\Local\mkoatkud => moved successfully.
C:\Users\lamaral\AppData\Local\rogerscookie => moved successfully.
C:\Users\lamaral\acrobat.exe => moved successfully.
C:\Users\lamaral\acrobat125564.exe => moved successfully.
C:\Users\lamaral\acrobatreader.exe => moved successfully.
C:\Users\lamaral\acrobatreader952287.exe => moved successfully.
C:\Users\lamaral\alg416370.exe => moved successfully.
C:\Users\lamaral\alg576985.exe => moved successfully.
C:\Users\lamaral\chrome848685.exe => moved successfully.
C:\Users\lamaral\conhost535713.exe => moved successfully.
C:\Users\lamaral\conhost985179.exe => moved successfully.
C:\Users\lamaral\csrss119661.exe => moved successfully.
C:\Users\lamaral\csrss47418.exe => moved successfully.
C:\Users\lamaral\csrss978718.exe => moved successfully.
C:\Users\lamaral\ctfmon110654.exe => moved successfully.
C:\Users\lamaral\ctfmon402048.exe => moved successfully.
C:\Users\lamaral\flashplayer.exe => moved successfully.
C:\Users\lamaral\googleupdate.exe => moved successfully.
C:\Users\lamaral\googleupdate948028.exe => moved successfully.
C:\Users\lamaral\icq.exe => moved successfully.
C:\Users\lamaral\java307822.exe => moved successfully.
C:\Users\lamaral\java540503.exe => moved successfully.
C:\Users\lamaral\java642097.exe => moved successfully.
C:\Users\lamaral\msconfig19739.exe => moved successfully.
C:\Users\lamaral\msconfig576784.exe => moved successfully.
C:\Users\lamaral\mstsc.exe => moved successfully.
C:\Users\lamaral\notepad371625.exe => moved successfully.
C:\Users\lamaral\notepad600065.exe => moved successfully.
C:\Users\lamaral\opera721828.exe => moved successfully.
C:\Users\lamaral\skype669323.exe => moved successfully.
C:\Users\lamaral\skype864824.exe => moved successfully.
C:\Users\lamaral\teamviewer433856.exe => moved successfully.
C:\Users\lamaral\vlcplayer.exe => moved successfully.
C:\Users\lamaral\winlogon545666.exe => moved successfully.
EmptyTemp: => 499.6 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 13:40:57 ====


#4 shelf life
  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 14 June 2015 - 02:55 PM

hi,

 

Can't really say based on the log that you had a keylogger on board. There are other ways to lose card information.

Keeping Java updated is a good idea, as well as other software and Windows itself. You can uninstall older versions of Java. Usually you're prompted to update Java unless this feature is turned off in the Java console.

 

https://www.java.com/en/download/windows_xpi.jsp

 

Always decline (uncheck) the offer to install anything else, like the Ask toolbar, during the Java install.

 

For Chrome you could try setting it back to its defaults. First you can backup your bookmarks if you want:

 

https://support.google.com/chrome/answer/96816?hl=en

 

Reset Chrome back to its defaults:

 

https://support.google.com/chrome/answer/3296214?hl=en

 

See if it behaves any better.

 

 


How Can I Reduce My Risk to Malware?


#5 Han2013
  • Topic Starter
  • Members
  • 64 posts
  • Gender:Female

Posted 14 June 2015 - 10:50 PM

Hi there,

 

Thanks for your quick reply. So did the log I sent you look OK? Nothing else needs to be done?

 

Windows is updated regularly. I let the updates run daily. I'm always a bit cautious when it comes to Acrobat and Java because I'm under the impression that these can be somewhat risky.

 

If you say I should update Java, I will. I usually decline the prompts to update based on what other people who know way more than I do suggest, which is NOT to update Java. I can't find the latest version I have installed...do you have a suggestion as to what it should be? I may have deleted version 7.???.

 

 

 

I've backed up and reset Chrome a few times. If you have any other suggestions I'd appreciate your help.

 

Thanks!



#6 shelf life
  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 15 June 2015 - 04:47 PM

hi,

 

I don't see anything else in the log that needs to be removed. Flash and Java are updated often. The risk is not updating them and using an older version. The reason they get updated is to patch vulnerabilities that have been found and could be exploited in older versions.

 

You can verify your Java version here. Remember to uncheck any "extra" offers during the install in both Java and Flash.

https://www.java.com/en/download/installed.jsp

 

I am sure in Chrome you could find an add-on or extension that would let you control Java and Flash per website. Toggle it on if needed. You could also just disable Java in your browsers. Just do a search in your favorite search engine for: Should I disable Java. You will get many hits.

 

Did resetting Chrome help any?

 


How Can I Reduce My Risk to Malware?


#7 Han2013
  • Topic Starter
  • Members
  • 64 posts
  • Gender:Female

Posted 15 June 2015 - 08:25 PM

Hi there,

 

Thanks for your reply and advice. It's working a bit better since I reset Chrome but it's still a bit slower than usual.

 

The link you gave me to verify Java version takes me to a page that says that plugin isn't supported....

NPAPI plugins don't work on Chrome version 42 and higher

https://support.google.com/chrome/answer/6213033

 

However, the Java link you sent yesterday tells me the latest version to download is:

64-bit Java for Windows Recommended Version 8 Update 45 (filesize: 41.2 MB)

Release date April 14, 2015 

 

Should I just download that? I don't get the prompts to keep it updated. Also, I don't see a link to update Flash.

 

Thanks,

 

Lysa



#8 shelf life
  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 16 June 2015 - 03:53 PM

If you look in Start > Control Panel and type in Java where it says Search Control Panel, or switch the view by category to small icons, you should see Java and Flash.

Clicking on these will tell you version info and update settings for each. If it's the latest version then I would download it, even though it won't work in Chrome based on that link. If you use another browser, as some people do, then you still want to keep it updated.

Flash:

https://get.adobe.com/flashplayer/

Uncheck the optional offer for the McAfee garbage.


How Can I Reduce My Risk to Malware?


#9 Han2013
  • Topic Starter
  • Members
  • 64 posts
  • Gender:Female

Posted 18 June 2015 - 07:36 AM

Hi there,

 

Either Java had been completely disabled or I removed it because it wasn't on my control panel. I've reinstalled and allowed prompts for updates. I had to install it offline.

 

As for Flash, it didn't show up in my control panel either and this is what it's showing me in my plugin details. 

 

Adobe Flash Player Version: 18.0.0.160
Shockwave Flash 18.0 r0
Name: Shockwave Flash
Description: Shockwave Flash 18.0 r0
Version: 18.0.0.160
Location: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
Type: PPAPI (out-of-process)
  Disable
MIME types: MIME type Description File extensions application/x-shockwave-flash Shockwave Flash .swf application/futuresplash FutureSplash Player .spl

 

 

I'm under the impression from reading a bit about this that I should have a Flash Player version for Windows as well, but it doesn't look like I do. Should I be installing one? Video is still lagging and buffering.

 

Thanks in advance!



#10 shelf life
  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 18 June 2015 - 04:53 PM

I guess I have those two panels because I don't use Chrome.

 

Looks like Flash is updated when Chrome is updated. You would only have to install it if you used another browser:

https://support.google.com/chrome/answer/108086?hl=en

 

The Java plugin is disabled and won't run Java in Chrome either:

https://support.google.com/chrome/answer/1247383?hl=en

 

You could uninstall it from the Add/Remove Programs panel. It's really not needed by apps, and the reason it's not supported in Chrome anymore is because it's a risk.

Video you might watch on the internet, like YouTube or a website?


How Can I Reduce My Risk to Malware?


#11 Han2013
  • Topic Starter
  • Members
  • 64 posts
  • Gender:Female

Posted 18 June 2015 - 05:15 PM

Now that I've reinstalled Java, video seems to be buffering even more. I actually do use Internet Explorer but not a lot anymore. Should I see if I experience the same thing? Should I install Flash for Windows from IE? Should I try a different browser?

 

I had originally uninstalled Java from add/remove. When you refer to "IT's", not supported because it's a risk, are you referring to Java or Flash? If Java, I thought you said earlier it's a good idea to keep it up to date. 

 

Yes, any time I watch something on YouTube it buffers and lags.

 

Sorry for all the questions...just want to be sure I'm understanding correctly.

 

Thanks!



#12 shelf life
  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 18 June 2015 - 08:19 PM

No problem. I was referring to Chrome's Java plugin: Google is disabling the plugin and no longer supporting Java. If Java is installed then you want to keep it updated.

Is it necessary to have Java installed? No, for home users your browser should function OK without it. Flash might be a little tougher to do without.

 

For Adobe Flash for IE, you would visit Adobe in Internet Explorer to install it. Uncheck any "optional offers":

 

https://get.adobe.com/flashplayer/

YouTube should function OK in any browser. Install Flash in IE and see how it behaves.

 

Some links about Java if you're interested:

http://lifehacker.com/5988800/what-is-java-is-it-insecure-and-should-i-use-it

https://nakedsecurity.sophos.com/how-to-disable-java-chrome/

http://www.theguardian.com/technology/askjack/2013/feb/08/java-remove-ask-jack-technology

http://www.howtogeek.com/122934/java-is-insecure-and-awful-its-time-to-disable-it-and-heres-how/?PageSpeed=noscript

 

 


How Can I Reduce My Risk to Malware?


#13 Han2013
  • Topic Starter
  • Members
  • 64 posts
  • Gender:Female

Posted 19 June 2015 - 04:41 AM

Thanks again for your time and help. I won't be able to check this out until later on Sunday but I'll let you know how it goes. Have a great weekend!



#14 shelf life
  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 12 July 2015 - 01:35 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

How Can I Reduce My Risk to Malware?
