Unable to install any antivirus or run RKill


  • This topic is locked
No replies to this topic

#1 druid9


Posted 13 October 2015 - 06:32 PM

I believe I have been infected with a trojan horse which created a "Man in the middle attack" and redirected my online banking.

 

The computer was previously used as a media centre and has now been repurposed as a general duties machine.

 

I have tried to install malwarebytes, AVG, and a few other antivirus programs. I have also attempted to use RKiller. In most cases, the splash screen appears but when I click run, nothing happens in either safe or normal mode.

 

Please help, thanks in advance.

 

FRST Log below, additions.txt attached

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-10-2015
Ran by Paul (administrator) on ACER-REVO (14-10-2015 10:16:04)
Running from C:\Users\Paul\Desktop
Loaded Profiles: Paul (Available Profiles: Paul & LogMeInRemoteUser & Admin)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10867816 2010-06-08] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-09-30] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-09-30] (Acer Corp.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [804952 2010-04-07] (GlavSoft LLC.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [{810C7B94-BE0B-18C7-D663-BA6DE5295A25}] => C:\Users\Paul\AppData\Roaming\tjTrLkVV\AVatGhyy\KLwXGqry\tOVOkNxdj.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [MPExtended Configurator] => C:\Program Files (x86)\MPExtended\Service\MPExtended.Applications.ServiceConfigurator.exe [1174528 2012-12-03] (mpextended.github.com)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [GoogleChromeAutoLaunch_29EBA8C2ED1206321A8B41FC997F63B8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-24] (Google Inc.)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Paul\Downloads\rkill.scr [2019656 2015-10-11] (Bleeping Computer, LLC)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-11] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-11] (Egis Technology Inc.)
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk [2010-04-24]
ShortcutTarget: EventGhost.lnk -> C:\Program Files (x86)\EventGhost\EventGhost.exe (EventGhost Project)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B1112E69-32A8-4AE0-AF67-AE909508D6AB}: [DhcpNameServer] 192.168.178.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_r3610&r=17360410d416p0445v1k5w45i1t520
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_r3610&r=17360410d416p0445v1k5w45i1t520
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_r3610&r=17360410d416p0445v1k5w45i1t520
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://au.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-28] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-23] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-02-23] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-02-23] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-02-23] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-02-23] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-04-29] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-04-29] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll [2010-01-06] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-11] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2014-09-11] (Telstra Corporation Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-01-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-10] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com.au/
CHR StartupUrls: Default -> "hxxp://www.google.com.au/","hxxp://www.search.ask.com/?tpid=ORJ-V7C&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EAU&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EAU&apn_dbr=cr_35.0.1916.114&apn_uid=9E4D2450-8643-48A4-BE11-327E8B82DCE5&itbv=12.12.2.83&doi=2014-06-05&psv=&pt=tb","hxxp://websearch.calcitapp.info/","hxxps://au.search.yahoo.com/?type=994519&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> google.com.au_
CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-29]
CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-29]
CHR Extension: (Sortd Smart Skin for Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohlfneeliakfcefeffppfplagbccbni [2015-09-26]
CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-12]
CHR Extension: (Mindjet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgpkinhfhnglbhoeoeooekalejbhbhgl [2015-01-29]
CHR Extension: (Block Sender) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bklnjbfcmglhiaoppcckdodanccbelcg [2015-07-03]
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-29]
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-29]
CHR Extension: (HelloSign for Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dciflieigdmogpmamcgbigingaodhnil [2015-09-25]
CHR Extension: (Telstra Extension) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2015-02-05]
CHR Extension: (Gmail Offline) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-04-16]
CHR Extension: (Google Sheets) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Speed Dial 2) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-01-29]
CHR Extension: (LinkedIn Export Tool) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgipmhdegifoehfbbffcfbmpfmbjaiem [2015-01-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-28]
CHR Extension: (HTML Live) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhnnniabbinkphbhmjdaigcbdicakdfn [2015-05-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-29]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-01-29]
CHR Extension: (WiseStamp - Email Signatures for Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg [2015-01-29]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2015-09-26]
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-01-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-10-10] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507752 2015-10-10] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
S2 MPExtended Service; C:\Program Files (x86)\MPExtended\Service\MPExtended.ServiceHosts.CoreService.exe [6144 2012-12-03] (Microsoft) [File not signed]
S2 MPExtended WebMediaPortal; C:\Program Files (x86)\MPExtended\WebMediaPortal\MPExtended.ServiceHosts.WebMediaPortal.exe [13824 2012-11-25] () [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
S2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] () [File not signed]
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-12] (TeamViewer GmbH)
S2 TV4HomeCoreService; C:\Program Files (x86)\TV4Home Core Service\TV4Home.Server.CoreService.exe [6656 2011-07-16] (tv4home.codeplex.com) [File not signed]
S2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [804952 2010-04-07] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-28] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 zremote; C:\Windows\System32\Drivers\zremote.sys [19456 2010-04-26] (Streamzap, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dpclat_driver; \??\C:\Windows\system32\drivers\dpclat_driver.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-14 10:16 - 2015-10-14 10:16 - 00022200 _____ C:\Users\Paul\Desktop\FRST.txt
2015-10-14 10:13 - 2015-10-14 10:13 - 02196480 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2015-10-14 09:53 - 2015-10-14 09:53 - 04404952 _____ (Kaspersky Lab ZAO) C:\tdsskiller.exe
2015-10-14 09:15 - 2015-10-14 09:15 - 00019041 _____ C:\ComboFix.txt
2015-10-14 08:44 - 2015-10-14 08:44 - 05636349 ____R (Swearware) C:\Users\Paul\Desktop\sega.com.exe
2015-10-14 08:43 - 2015-10-14 08:44 - 05636349 _____ (Swearware) C:\Users\Paul\Downloads\ComboFix.exe
2015-10-13 19:35 - 2015-10-13 20:25 - 93282968 _____ (Kaspersky Lab ZAO) C:\Users\Paul\Desktop\sadface.exe
2015-10-13 18:23 - 2015-10-13 18:23 - 00642155 _____ C:\Users\Paul\Downloads\Unconfirmed 924176.crdownload
2015-10-13 18:21 - 2011-06-26 17:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-13 18:21 - 2010-11-08 04:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-13 18:21 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-13 18:21 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-13 18:21 - 2000-08-31 11:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-13 06:58 - 2015-10-13 06:58 - 00290848 _____ C:\Windows\Minidump\101315-23166-01.dmp
2015-10-13 06:13 - 2015-10-13 06:14 - 00290848 _____ C:\Windows\Minidump\101315-21668-01.dmp
2015-10-13 06:08 - 2015-10-13 06:08 - 00290848 _____ C:\Windows\Minidump\101315-22479-01.dmp
2015-10-13 06:00 - 2015-10-13 06:00 - 00380416 _____ C:\Users\Paul\Downloads\qz5811iq.exe
2015-10-13 05:44 - 2015-10-13 05:45 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Paul\Downloads\mbar-1.09.3.1001.exe
2015-10-11 08:11 - 2015-10-11 08:11 - 00000000 ____D C:\Users\Admin\AppData\Local\Apps\2.0
2015-10-11 08:11 - 2015-10-11 07:09 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2015-10-11 08:09 - 2015-10-11 08:09 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2015-10-11 08:09 - 2015-10-11 08:09 - 00000000 ____D C:\Users\Admin
2015-10-11 08:09 - 2015-01-31 11:01 - 00002104 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-10-11 08:09 - 2010-04-25 15:52 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help
2015-10-11 08:09 - 2009-07-14 15:54 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-11 08:09 - 2009-07-14 15:49 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-11 07:59 - 2015-10-11 07:59 - 00000335 _____ C:\Users\Paul\Downloads\FixExe.reg
2015-10-11 07:14 - 2015-10-11 07:14 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Paul\Downloads\rkill.scr
2015-10-11 07:13 - 2015-10-11 07:13 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Paul\Downloads\uSeRiNiT.exe
2015-10-11 07:08 - 2015-10-11 07:09 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Paul\Desktop\rkill.exe
2015-10-10 18:01 - 2015-10-13 10:34 - 00025060 _____ C:\Windows\system32\CFG4041501513
2015-10-10 12:38 - 2015-10-10 18:00 - 00000000 ____D C:\VIPRERESCUE
2015-10-10 05:50 - 2015-10-10 05:50 - 00000000 ____D C:\Users\Paul\AppData\Roaming\SUPERAntiSpyware.com
2015-10-10 05:49 - 2015-10-10 19:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-10 05:49 - 2015-10-10 05:49 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-10-09 07:04 - 2015-10-09 07:04 - 12270747 _____ C:\Users\Paul\Downloads\MPBY-Your Backyard Supermarket FRONT.ppt.zip
2015-10-08 18:22 - 2015-10-08 18:22 - 02243333 _____ C:\Users\Paul\Downloads\MPBY-Your Backyard Supermarket V3.zip
2015-10-08 18:08 - 2015-10-08 18:11 - 31625202 _____ C:\Users\Paul\Downloads\MPBY-Your Backyard Supermarket V3.pptx
2015-10-08 05:25 - 2015-10-08 05:28 - 00043809 _____ C:\Users\Paul\Downloads\Addition.txt
2015-10-08 05:21 - 2015-10-08 05:28 - 00049265 _____ C:\Users\Paul\Downloads\FRST.txt
2015-10-08 05:19 - 2015-10-14 10:16 - 00000000 ____D C:\FRST
2015-10-08 05:08 - 2015-10-08 05:08 - 00000000 ____D C:\Users\Paul\Downloads\mbam-chameleon-3.1.25.0
2015-10-08 05:07 - 2015-10-08 05:08 - 06383209 _____ C:\Users\Paul\Downloads\mbam-chameleon-3.1.25.0.zip
2015-10-07 06:31 - 2015-10-10 18:00 - 00000000 ____D C:\Program Files (x86)\TrojanHunter
2015-10-07 06:31 - 2015-10-07 06:31 - 00000000 ____D C:\ProgramData\TrojanHunter
2015-10-07 06:00 - 2015-10-07 06:01 - 04383777 _____ C:\Users\Paul\Downloads\tdsskiller.zip
2015-10-07 05:59 - 2015-10-07 06:00 - 00392012 _____ C:\Users\Paul\Downloads\rannohdecryptor.zip
2015-10-07 05:15 - 2015-10-10 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\CrashDumps
2015-10-07 05:15 - 2015-10-10 17:38 - 00002192 _____ C:\Users\Paul\AppData\Local\multiscan.log
2015-10-06 21:44 - 2015-10-06 21:44 - 00199467 _____ C:\Users\Paul\AppData\Local\census.cache
2015-10-06 21:44 - 2015-10-06 21:44 - 00116321 _____ C:\Users\Paul\AppData\Local\ars.cache
2015-10-06 20:29 - 2015-10-06 20:29 - 00000036 _____ C:\Users\Paul\AppData\Local\housecall.guid.cache
2015-10-06 19:44 - 2015-10-06 19:44 - 00000000 ____D C:\Users\Paul\AppData\Local\TempTaskUpdateDetectionDDCA5D8B-17A7-4CCE-A3C6-AA3E2641B185
2015-10-06 19:30 - 2015-10-14 09:15 - 00000000 ____D C:\Qoobox
2015-10-06 19:30 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-06 19:30 - 2000-08-31 11:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-06 19:30 - 2000-08-31 11:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-06 19:29 - 2015-10-13 19:03 - 00000000 ____D C:\Windows\erdnt
2015-10-05 13:43 - 2015-10-05 13:43 - 00011985 _____ C:\Users\Paul\Downloads\Downton_Abbey_S06E03_HDTV_x264-ORGANiC[sltv].torrent
2015-09-30 22:00 - 2015-09-30 22:00 - 01593524 _____ C:\Users\Paul\Downloads\4411337+The+Trials+of+Jim.ace
2015-09-30 21:58 - 2015-09-30 21:58 - 01920428 _____ C:\Users\Paul\Downloads\4396279+The+Trials+of+Jim.ace
2015-09-30 14:46 - 2015-09-30 14:46 - 00009641 _____ C:\Users\Paul\Desktop\GRS Cash Expenses.xlsx
2015-09-30 14:46 - 2015-09-30 14:46 - 00000165 ____H C:\Users\Paul\Desktop\~$GRS Cash Expenses.xlsx
2015-09-30 11:51 - 2015-09-30 11:52 - 12698101 _____ C:\Users\Paul\Downloads\New video 810 - 720p.mp4
2015-09-29 07:00 - 2015-09-29 07:01 - 10903184 _____ C:\Users\Paul\Downloads\Video 810 - 720p.mp4
2015-09-28 08:06 - 2015-09-28 08:06 - 00000000 ____D C:\Users\Paul\AppData\Roaming\java
2015-09-28 08:05 - 2015-10-10 18:00 - 00000000 ____D C:\Users\Paul\Downloads\FileBot_4.6-portable
2015-09-28 08:04 - 2015-09-28 08:05 - 27663315 _____ C:\Users\Paul\Downloads\FileBot_4.6-portable.zip
2015-09-27 17:59 - 2015-09-27 17:59 - 00017152 _____ C:\Users\Paul\Downloads\The_Trials_of_Jimmy_Rose_S01E01_PreAir_HDTVx264-JIVE.torrent
2015-09-27 17:29 - 2015-09-27 17:29 - 00098921 _____ C:\Users\Paul\Downloads\An_Inspector_Calls_720p_HDTV_x264-TLA[rartv].torrent
2015-09-27 16:50 - 2015-09-27 16:50 - 00000807 _____ C:\Users\Paul\Downloads\FRITZ!Box_Fon_WLAN_7360_124.06.05_27.09.2015_15-50-diagnose.csv
2015-09-26 11:23 - 2015-09-26 17:19 - 15281050 _____ C:\Users\Paul\Documents\Your  Backyard supermarket.pptx
2015-09-24 20:33 - 2015-09-24 20:33 - 00000874 _____ C:\Users\Paul\Desktop\DSC_5043 - Shortcut.lnk
2015-09-21 07:13 - 2015-09-21 07:13 - 00000525 _____ C:\Users\Paul\Downloads\iCalEvent.ics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-14 09:15 - 2013-03-20 13:37 - 00000000 ____D C:\Users\Paul\AppData\Local\Apps\2.0
2015-10-14 09:09 - 2009-07-14 13:34 - 00000215 _____ C:\Windows\system.ini
2015-10-14 08:34 - 2010-03-14 14:05 - 01948929 _____ C:\Windows\WindowsUpdate.log
2015-10-14 08:26 - 2009-07-14 15:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-14 08:26 - 2009-07-14 15:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-14 08:21 - 2009-07-14 16:13 - 00798598 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-14 08:18 - 2011-07-10 12:24 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2015-10-14 08:16 - 2011-07-24 18:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 08:15 - 2014-01-27 18:30 - 00001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-10-14 08:15 - 2014-01-27 18:30 - 00000992 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-10-14 08:15 - 2010-09-08 10:55 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-14 08:15 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-14 08:15 - 2009-07-14 15:51 - 00063863 _____ C:\Windows\setupact.log
2015-10-14 07:10 - 2011-07-24 18:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 07:02 - 2013-03-20 13:40 - 00000000 ____D C:\ProgramData\LogMeIn
2015-10-13 19:27 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-13 18:52 - 2009-10-13 09:12 - 00871784 _____ C:\Windows\PFRO.log
2015-10-13 18:52 - 2009-07-14 13:34 - 74973184 _____ C:\Windows\system32\config\software.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 18874368 _____ C:\Windows\system32\config\system.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2015-10-13 07:00 - 2010-04-23 21:30 - 00000000 ____D C:\Users\Paul\Tracing
2015-10-13 06:58 - 2010-09-08 21:09 - 412297370 _____ C:\Windows\MEMORY.DMP
2015-10-13 06:58 - 2010-09-08 21:09 - 00000000 ____D C:\Windows\Minidump
2015-10-12 06:49 - 2015-07-19 09:55 - 00000000 ____D C:\Users\Paul\Documents\Outlook Files
2015-10-11 07:04 - 2015-03-22 06:13 - 00000000 ____D C:\ProgramData\Freemake
2015-10-11 07:04 - 2015-03-22 06:12 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-10-11 06:56 - 2015-02-07 05:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-10-11 00:15 - 2015-01-29 06:20 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-10 20:59 - 2015-01-31 10:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-10 19:26 - 2015-08-05 18:43 - 00000975 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-10-10 19:26 - 2015-08-05 18:43 - 00000963 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-10-10 19:12 - 2010-04-21 18:41 - 00000000 ____D C:\Users\Paul
2015-10-10 19:05 - 2011-07-24 18:00 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-10 19:05 - 2011-07-24 18:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-10 19:04 - 2013-03-20 13:41 - 00122752 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-10-10 19:04 - 2013-03-20 13:41 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-10-10 19:04 - 2013-03-20 13:41 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-10-10 18:01 - 2015-09-02 11:34 - 00000000 ___HD C:\Users\Paul\AppData\Roaming\OCFanEeZ
2015-10-10 18:01 - 2015-03-17 19:48 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Azureus
2015-10-10 18:01 - 2015-01-29 06:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-10 18:01 - 2010-04-26 19:58 - 00000000 ____D C:\Users\Paul\AppData\Roaming\vlc
2015-10-10 18:01 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\AppCompat
2015-10-10 18:00 - 2013-03-20 13:40 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-10-10 17:59 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\registration
2015-10-10 17:57 - 2011-07-24 18:00 - 00000000 ____D C:\Users\Paul\AppData\Local\Google
2015-10-10 17:57 - 2010-04-25 11:09 - 00000000 ____D C:\ProgramData\MySQL
2015-10-10 17:57 - 2010-03-14 14:16 - 00000000 ____D C:\ProgramData\Temp
2015-10-10 17:57 - 2009-07-14 14:20 - 00000000 __RHD C:\Users\Default
 
==================== Files in the root of some directories =======
 
2010-08-14 18:19 - 2010-08-14 18:19 - 0000917 _____ () C:\Users\Paul\AppData\Roaming\coreavc.ini
2015-10-06 21:44 - 2015-10-06 21:44 - 0116321 _____ () C:\Users\Paul\AppData\Local\ars.cache
2015-10-06 21:44 - 2015-10-06 21:44 - 0199467 _____ () C:\Users\Paul\AppData\Local\census.cache
2015-10-06 20:29 - 2015-10-06 20:29 - 0000036 _____ () C:\Users\Paul\AppData\Local\housecall.guid.cache
2015-10-07 05:15 - 2015-10-10 17:38 - 0002192 _____ () C:\Users\Paul\AppData\Local\multiscan.log
2010-06-06 19:04 - 2015-03-24 05:39 - 0007597 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp1999.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp19A9.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp19BA.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp19BB.txt
2010-08-30 11:57 - 2010-08-30 11:57 - 0166143 _____ () C:\Users\Paul\AppData\Local\Temptmp1FEF.png
2010-08-30 11:50 - 2010-08-30 11:50 - 0014302 _____ () C:\Users\Paul\AppData\Local\Temptmp201F.png
2010-09-10 14:12 - 2010-09-10 14:12 - 0157323 _____ () C:\Users\Paul\AppData\Local\Temptmp203F.jpg
2010-08-31 11:06 - 2010-08-31 11:06 - 0482183 _____ () C:\Users\Paul\AppData\Local\Temptmp206F.jpg
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp2C58.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp2C78.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp2C89.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp304F.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp3050.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp3061.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp3062.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp35BC.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp35CC.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp35DD.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp35ED.txt
2010-03-20 22:17 - 2010-03-20 22:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp3F31.png
2010-03-20 04:07 - 2010-03-20 04:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp3F42.png
2010-03-20 15:51 - 2010-03-20 15:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp3F52.png
2011-03-11 17:26 - 2011-03-11 17:26 - 0011566 _____ () C:\Users\Paul\AppData\Local\Temptmp3F53.txt
2010-02-01 15:30 - 2010-02-01 15:30 - 0082726 _____ () C:\Users\Paul\AppData\Local\Temptmp5129.ico
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\Temptmp520F.png
2010-08-30 11:57 - 2010-08-30 11:57 - 0166143 _____ () C:\Users\Paul\AppData\Local\Temptmp5848.png
2010-08-30 11:50 - 2010-08-30 11:50 - 0014302 _____ () C:\Users\Paul\AppData\Local\Temptmp5897.png
2010-09-10 14:12 - 2010-09-10 14:12 - 0157323 _____ () C:\Users\Paul\AppData\Local\Temptmp58B7.jpg
2010-08-31 11:06 - 2010-08-31 11:06 - 0482183 _____ () C:\Users\Paul\AppData\Local\Temptmp58E7.jpg
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp5F7E.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp5FBE.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp5FCE.png
2010-04-04 21:37 - 2010-04-04 21:37 - 0006092 _____ () C:\Users\Paul\AppData\Local\Temptmp6323.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp6D42.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp6D81.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp6DA1.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp77CE.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp77DF.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp77F0.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp7800.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp89A5.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp89B5.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp89C6.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp89C7.txt
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\Temptmp8CDD.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp8E1A.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp8E4A.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp8E6A.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp9E33.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp9E34.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp9E45.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp9E46.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpA380.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpA391.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpA392.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpA393.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpA741.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpA752.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpA753.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpA763.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpBCE3.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpBCE4.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpBCF4.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpBCF5.txt
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\TemptmpC7DA.png
2010-12-07 22:50 - 2010-12-07 22:50 - 0024053 _____ () C:\Users\Paul\AppData\Local\TemptmpD0D8.png
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\TemptmpD33.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpD65F.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpD6CD.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpD75A.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpD7F7.txt
2009-09-19 16:05 - 2009-09-19 16:05 - 0046980 _____ () C:\Users\Paul\AppData\Local\TemptmpD836.jpg
2011-06-27 10:40 - 2011-06-27 10:40 - 0013040 _____ () C:\Users\Paul\AppData\Local\TemptmpED25.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\TemptmpED65.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\TemptmpED85.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\TemptmpEDA5.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpEF00.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpEF11.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpEF12.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpEF13.txt
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\TemptmpEFA9.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\TemptmpEFE8.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\TemptmpF008.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\TemptmpF4EA.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\TemptmpF50A.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\TemptmpF51B.png
2013-08-21 12:52 - 2013-08-21 12:52 - 0112640 ___SH () C:\Users\Paul\AppData\Local\Thumbs.db
2015-02-14 11:48 - 2015-02-14 11:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-03-14 14:16 - 2010-03-14 14:24 - 0008440 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-08-23 20:56 - 2012-06-03 10:46 - 0051087 _____ () C:\ProgramData\DirectShowSpy.log
2009-10-13 09:26 - 2009-07-18 12:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-08-30 22:45 - 2010-09-06 23:32 - 0000846 _____ () C:\ProgramData\nvUnsupRes.dat
 
Files to move or delete:
====================
C:\ProgramData\nvUnsupRes.dat
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-11 00:27
 
==================== End of FRST.txt ============================
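Added example, not part of druid9's post and not FRST's own code: a small Python parser for the "files and folders" lines in the log above, plus two triage heuristics of the kind a helper applies when reading such a log by eye. The sample lines are copied verbatim from the log; the meaning of the five-character flag field (R read-only, S system, H hidden, D directory) and the rule that the "Modified" section prints the modification time first while the other sections print the creation time first are assumptions inferred from the log's own lines. A flagged entry is something to look at more closely, not a malware verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample: lines copied verbatim from the FRST log above, with
# their section headers, covering both line shapes FRST uses.
SAMPLE_LOG = r"""
==================== One Month Modified files and folders ========

2015-10-10 19:04 - 2013-03-20 13:41 - 00122752 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-10-10 18:01 - 2015-09-02 11:34 - 00000000 ___HD C:\Users\Paul\AppData\Roaming\OCFanEeZ
2015-10-10 18:01 - 2015-03-17 19:48 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Azureus
2015-10-11 07:04 - 2015-03-22 06:12 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-10-10 17:57 - 2009-07-14 14:20 - 00000000 __RHD C:\Users\Default

==================== Files in the root of some directories =======

2013-08-21 12:52 - 2013-08-21 12:52 - 0112640 ___SH () C:\Users\Paul\AppData\Local\Thumbs.db
2009-10-13 09:26 - 2009-07-18 12:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
"""

# When FRST ran, taken from the log header (14-10-2015 10:16:04); used for ages.
SCAN_TIME = datetime(2015, 10, 14, 10, 16)

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
ENTRY_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # "(Company)" or "()" appears only on some lines
    r"(?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1")
# Directories whose root should not normally hold executables: ProgramData,
# a profile's AppData\Local or \Roaming, and the temp folders.
DROP_DIR_RE = re.compile(
    r"^[a-z]:\\(?:programdata|windows\\temp|"
    r"users\\[^\\]+\\appdata\\(?:local|roaming)(?:\\temp)?)$"
)


@dataclass
class Entry:
    section: str
    created: datetime
    modified: datetime
    size: int
    attrs: str              # FRST's 5-char flag field, '_' means flag not set
    company: Optional[str]  # None: no "(...)" printed; "": FRST printed "()"
    path: str
    raw: str

    # Assumption about FRST's notation: R read-only, S system, H hidden, D directory.
    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs


def parse_frst(text: str) -> List[Entry]:
    """Turn FRST file/folder listing lines into Entry records."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        m = SECTION_RE.match(raw)
        if m:
            section = m.group(1).strip()
            continue
        m = ENTRY_RE.match(raw)
        if not m:
            continue
        first = datetime.strptime(m["first"], "%Y-%m-%d %H:%M")
        second = datetime.strptime(m["second"], "%Y-%m-%d %H:%M")
        # FRST prints the column it sorts on first: modification time in the
        # "Modified" section, creation time elsewhere (inferred from the log:
        # system.ini shows 2015-10-14 first, then its 2009 install-time stamp).
        if "Modified" in section:
            modified, created = first, second
        else:
            created, modified = first, second
        entries.append(Entry(section, created, modified, int(m["size"]),
                             m["attrs"], m["company"], m["path"], raw))
    return entries


def triage(entries: List[Entry], now: datetime = SCAN_TIME) -> List[Tuple[Entry, List[str]]]:
    """Entries matching a triage heuristic, with reasons. A hit means 'look closer', not 'malware'."""
    findings = []
    for e in entries:
        reasons = []
        if e.is_dir and e.is_hidden and "\\appdata\\" in e.path.lower():
            age = (now - e.created).days
            reasons.append(f"hidden directory inside a user profile, created {age} days before the scan")
        parent = e.path.rsplit("\\", 1)[0].lower()
        if not e.is_dir and e.path.lower().endswith(EXEC_EXT) and DROP_DIR_RE.match(parent):
            reasons.append("executable sitting in the root of a data/temp directory")
        if reasons:
            findings.append((e, reasons))
    return findings


def review_lines(findings: List[Tuple[Entry, List[str]]]) -> List[str]:
    """The flagged entries as their original log lines, ready to paste back for a helper to review."""
    return [e.raw for e, _ in findings]


if __name__ == "__main__":
    for e, reasons in triage(parse_frst(SAMPLE_LOG)):
        print(e.path)
        for r in reasons:
            print("   -", r)
```

On the sample, the hidden `___HD` folder under AppData\Roaming and the .exe in the ProgramData root are the two hits; the LogMeIn DLL, the Azureus and Freemake folders, the hidden `C:\Users\Default` profile (hidden, but not under AppData) and Thumbs.db are not. Whether a hit is actually unwanted is still a question for whoever is working the log; FRST itself only moves things whose lines end up in a fixlist, as the notices in the log say.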