TechSpot

Adobe false site and redirection

By tedus987
Oct 17, 2014
  1. Ok, so while on break I decided to browse one of the wikis I haven't been to in a while but have never had a problem before and WoT stated was safe.

    next thing I know, I'm taken to what looks like a download adobe site (however I knew otherwise.) and at the same time zone alarm flags that the built in antivirus (using the kasperski engine) also picked up something in the temp folder, after deleting it my adobe then sas it needs an undate, however I would rather make sure my machine is clean before thying to update.

    ------------------------------------------------------------------------------------------------------------------------------------------
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 17/10/2014
    Scan Time: 15:29:50
    Logfile: MBAM AV log.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.10.17.05
    Rootkit Database: v2014.10.15.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Luke Fitton

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 560326
    Time Elapsed: 1 hr, 52 min, 1 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    ------------------------------------------------------------------------

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17344
    Run by Luke Fitton at 17:42:55 on 2014-10-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8133.5678 [GMT 1:00]
    .
    AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
    SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Extreme Security Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
    C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
    C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: EnableSecureUIAPath = dword:1
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{69811E27-1133-44DD-B9F8-0A928A5D3582} : DHCPNameServer = 192.168.3.1
    TCP: Interfaces\{E5414010-5DBE-4DEA-AD4E-AE82AECD1FC6} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{F4B222B5-DF14-4703-8CAF-0BB117DBAB24} : DHCPNameServer = 192.168.0.1
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    SSODL: WebCheck - <orphaned>
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
    x64-Run: [NUSB3MON] "C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"
    x64-Run: [ISW] "C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe" /icon="hidden"
    x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Luke Fitton\AppData\Roaming\Mozilla\Firefox\Profiles\ahruq7t2.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-11-6 83176]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-11-6 43240]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-4-25 20464]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2014-7-9 54104]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-7-9 177760]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-16 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-4-15 344064]
    R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
    R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2014-6-20 936728]
    R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-9-21 2428088]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
    R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2014-4-17 22768]
    R2 ISWKL;ZoneAlarm AntiKeylogger ISWKL;C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [2014-7-17 54144]
    R2 IswSvc;ZoneAlarm AntiKeylogger IswSvc;C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [2014-7-17 1144952]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-6-20 169432]
    R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-8-13 96272]
    R2 ZoneAlarm AntiTheft;ZoneAlarm AntiTheft;C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [2014-8-13 3129992]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2013-5-27 106816]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2013-5-27 227648]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-27 122584]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-27 936664]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-6-25 58536]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-8-20 138568]
    S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-8-20 416072]
    S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2014-9-21 15768]
    S3 icsak;icsak;C:\Program Files (x86)\CheckPoint\AKL\AK\icsak.sys [2014-7-17 48512]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-4-25 449496]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-4-25 368624]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-4-25 790000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-25 19456]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2011-2-23 1142376]
    S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-8-22 119808]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-4-25 29696]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-25 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-4-25 29696]
    S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2014-7-22 89232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-25 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-10-17 09:45:46 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01C79011-F4F0-4202-8DE7-E1238FBA760A}\mpengine.dll
    2014-10-15 10:53:50 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-10-15 10:50:53 6583296 ----a-w- C:\Windows\System32\mstscax.dll
    2014-09-29 10:07:19 -------- d-----w- C:\Program Files (x86)\Microsoft OneDrive
    2014-09-29 10:07:18 -------- d-----r- C:\Users\Luke Fitton\OneDrive
    2014-09-29 10:07:03 -------- d-----w- C:\ProgramData\Microsoft OneDrive
    2014-09-29 09:34:54 -------- d-----w- C:\Users\Luke Fitton\AppData\Local\LogMeIn Rescue Applet
    2014-09-21 14:06:18 -------- d-----w- C:\Users\Luke Fitton\AppData\Roaming\NuGet
    2014-09-21 12:50:25 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
    2014-09-21 12:48:41 -------- d-----w- C:\Program Files (x86)\Windows Phone Silverlight Kits
    2014-09-21 12:48:26 2941888 ----a-w- C:\ProgramData\Microsoft\VisualStudio\12.0\1033\ResourceCache.dll
    2014-09-21 12:46:34 -------- d-----w- C:\Program Files (x86)\Microsoft XDE
    2014-09-21 12:40:48 -------- d-----w- C:\Program Files (x86)\AppInsights
    2014-09-21 12:37:02 -------- d-----w- C:\Program Files (x86)\Windows Phone Kits
    2014-09-21 12:19:12 -------- d-----w- C:\Program Files (x86)\Workflow Manager Tools
    2014-09-21 12:19:07 -------- d-----w- C:\Program Files (x86)\Open XML SDK
    2014-09-21 12:19:06 -------- d-----w- C:\Program Files\Microsoft Identity Extensions
    2014-09-21 12:18:48 -------- d-----w- C:\Program Files\Windows Identity Foundation
    2014-09-21 12:18:48 -------- d-----w- C:\Program Files (x86)\Windows Identity Foundation
    2014-09-21 12:18:22 -------- d-----w- C:\Program Files\SharePoint Client Components
    2014-09-21 12:18:19 -------- d-----w- C:\Program Files (x86)\Microsoft
    2014-09-21 12:17:31 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2014-09-21 12:17:29 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-09-21 12:13:11 -------- d-----w- C:\Program Files\Application Verifier
    2014-09-21 12:13:11 -------- d-----w- C:\Program Files (x86)\Application Verifier
    2014-09-21 12:12:58 -------- d-----w- C:\ProgramData\Windows App Certification Kit
    2014-09-21 12:10:00 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
    2014-09-21 12:05:22 -------- d-----w- C:\ProgramData\PreEmptive Solutions
    2014-09-21 12:01:33 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
    2014-09-21 12:00:18 -------- d-----w- C:\Program Files (x86)\Microsoft Web Tools
    2014-09-21 11:59:22 -------- d-----w- C:\Program Files\IIS Express
    2014-09-21 11:59:22 -------- d-----w- C:\Program Files (x86)\IIS Express
    2014-09-21 11:58:40 -------- d-----w- C:\ProgramData\NuGet
    2014-09-21 11:58:40 -------- d-----w- C:\Program Files (x86)\NuGet
    2014-09-21 11:58:35 -------- d-----w- C:\Program Files (x86)\Microsoft WCF Data Services
    2014-09-21 11:58:24 -------- d-----w- C:\Program Files\IIS
    2014-09-21 11:58:24 -------- d-----w- C:\Program Files (x86)\IIS
    2014-09-21 11:55:25 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
    2014-09-21 11:54:50 -------- d-----w- C:\Program Files (x86)\Windows Kits
    2014-09-21 11:48:27 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
    2014-09-21 11:48:06 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
    2014-09-21 11:40:53 -------- d-----w- C:\Windows\SysWow64\1033
    2014-09-21 11:40:51 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2014-09-21 11:40:51 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2014-09-21 11:31:13 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
    2014-09-21 11:27:40 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 12.0
    2014-09-21 11:27:14 -------- d-----w- C:\Windows\System32\1033
    2014-09-21 11:27:08 -------- d-----w- C:\Program Files\Microsoft Visual Studio 12.0
    2014-09-21 11:01:32 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
    2014-09-21 11:01:08 590536 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2014-09-21 10:54:33 -------- d-----w- C:\Program Files\Microsoft Office 15
    .
    ==================== Find3M ====================
    .
    2014-10-17 14:29:50 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-09-24 13:23:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-24 13:23:18 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
    2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
    2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-09-15 08:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
    2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-09-12 13:12:09 122584 ----a-w- C:\Windows\System32\drivers\7D835EB5.sys
    2014-09-04 09:24:41 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-09-04 09:09:31 33512 ----a-w- C:\Windows\SysWow64\drivers\TrueSight.sys
    2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
    2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
    2014-09-01 12:03:07 122584 ----a-w- C:\Windows\System32\drivers\609A1B00.sys
    2014-08-30 01:50:57 5702656 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
    2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
    2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
    2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
    2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
    2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
    2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
    2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
    2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
    2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
    2014-08-13 10:21:10 646280 ----a-w- C:\Windows\System32\AntiTheftCredentialProvider.dll
    2014-08-13 09:16:02 450456 ----a-w- C:\Windows\System32\drivers\vsdatant.sys
    2014-07-25 01:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
    2014-07-24 22:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
    2014-07-23 01:27:02 699544 ----a-w- C:\Windows\SysWow64\PUGAExperiment.dll
    2014-07-23 01:27:02 1769632 ----a-w- C:\Windows\SysWow64\VsGraphicsHelper.dll
    2014-07-22 20:17:28 3036320 ----a-w- C:\Windows\System32\VSGraphicsHelper.dll
    2014-07-22 20:17:28 1359520 ----a-w- C:\Windows\System32\PUGAExperiment.dll
    2014-07-22 14:14:46 137376 ----a-w- C:\Windows\System32\vcomp120.dll
    .
    ============= FINISH: 17:43:20.26 ===============

    -----------------------------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 25/06/2014 17:43:52
    System Uptime: 17/10/2014 15:27:26 (2 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | A88XM-A
    Processor: AMD A4-4000 APU with Radeon(tm) HD Graphics | FM2+ | 3000/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 119 GiB total, 65.489 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 465.657 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP29: 16/09/2014 10:11:12 - Windows Update
    RP30: 21/09/2014 12:20:01 - Microsoft Visual Studio Professional 2013 with Update 3
    RP31: 21/09/2014 12:20:56 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    RP32: 21/09/2014 12:21:30 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    RP33: 21/09/2014 12:21:46 - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    RP34: 21/09/2014 12:22:22 - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    RP35: 21/09/2014 12:55:04 - Installed DirectX
    RP36: 21/09/2014 13:18:30 - Windows Update
    RP37: 26/09/2014 11:23:12 - Windows Update
    RP38: 30/09/2014 10:22:29 - Windows Update
    RP39: 03/10/2014 11:20:12 - Windows Update
    RP40: 07/10/2014 10:27:53 - Windows Update
    RP41: 14/10/2014 11:12:20 - Windows Update
    RP42: 15/10/2014 16:26:35 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Tools for .Net 3.5
    ????? Visual Studio 2012 Verification SDK - rus
    7-Zip 9.20 (x64 edition)
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    AMD Accelerated Video Transcoding
    AMD Catalyst Control Center
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD USB 3.0 Device Detector
    AMD Wireless Display v3.0
    Application Insights Tools for Visual Studio 2013
    Asmedia ASM104x USB 3.0 Host Controller Driver
    AzureTools.Notifications
    Behaviors SDK (Windows Phone) for Visual Studio 2013
    Behaviors SDK (Windows) for Visual Studio 2013
    Blend for Visual Studio 2013
    Blend for Visual Studio 2013 ENU resources
    Blend for Visual Studio SDK for .NET 4.5
    Blend for Visual Studio SDK for Silverlight 5
    Build Tools - amd64
    Build Tools - x86
    Build Tools Language Resources - amd64
    Build Tools Language Resources - x86
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Dotfuscator and Analytics Community Edition
    Entity Framework 6.1.1 Tools for Visual Studio 2013
    FileZilla Client 3.8.1
    IIS 8.0 Express
    IIS Express Application Compatibility Database for x64
    IIS Express Application Compatibility Database for x86
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    Kit SDK de vérification de Visual Studio 2012 - fra
    LocalESPC
    LocalESPC Dev12
    LocalESPCui for en-us Dev12
    Malwarebytes Anti-Malware version 2.0.2.1012
    Memory Profiler
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 SDK
    Microsoft .NET Framework 4.5.1
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
    Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps
    Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU)
    Microsoft .NET Framework 4.5.1 SDK
    Microsoft Access 2013 - en-us
    Microsoft Advertising SDK for Windows 8.1 - ENU
    Microsoft Advertising SDK for Windows Phone 8.1 XAML - ENU
    Microsoft Advertising Service Extension for Visual Studio
    Microsoft ASP.NET and Web Tools 2013.3 - Visual Studio 12
    Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU
    Microsoft ASP.NET MVC 4 Runtime
    Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU
    Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU
    Microsoft ASP.NET Web Pages 2 Runtime
    Microsoft Azure Mobile Services SDK
    Microsoft Azure Mobile Services Tools for Visual Studio - v1.2
    Microsoft Azure Shared Components for Visual Studio 2013 - v1.2
    Microsoft Azure Tools for LightSwitch for Visual Studio 2013 - June 2014 Update - v2.4
    Microsoft C++ REST SDK for Visual Studio 2013
    Microsoft Exchange Web Services Managed API 2.1
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Help Viewer 2.1
    Microsoft Identity Extensions
    Microsoft LightSwitch for Visual Studio 2013 Core
    Microsoft LightSwitch for Visual Studio 2013 CoreRes - ENU
    Microsoft LightSwitch for Visual Studio 2013 v4.5 Tools
    Microsoft LightSwitch for Visual Studio 2013 v4.5 ToolsRes - ENU
    Microsoft LightSwitch v4.5 SDK
    Microsoft NuGet - Visual Studio 2013
    Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64)
    Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) - ENU Language Pack
    Microsoft Office Developer Tools for Visual Studio
    Microsoft Office Developer Tools for Visual Studio ENU Language Pack
    Microsoft Office Home and Student 2013 - en-us
    Microsoft OneDrive
    Microsoft Portable Library Multi-Targeting Pack
    Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
    Microsoft Report Viewer Add-On for Visual Studio 2013
    Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package
    Microsoft Silverlight
    Microsoft Silverlight 5 SDK
    Microsoft SQL Server 2012 Command Line Utilities
    Microsoft SQL Server 2012 Data-Tier App Framework
    Microsoft SQL Server 2012 Data-Tier App Framework (x64)
    Microsoft SQL Server 2012 Express LocalDB
    Microsoft SQL Server 2012 Management Objects
    Microsoft SQL Server 2012 Management Objects (x64)
    Microsoft SQL Server 2012 Native Client
    Microsoft SQL Server 2012 T-SQL Language Service
    Microsoft SQL Server 2012 Transact-SQL ScriptDom
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU
    Microsoft SQL Server Data Tools - enu (12.0.30919.1)
    Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft System CLR Types for SQL Server 2012
    Microsoft System CLR Types for SQL Server 2012 (x64)
    Microsoft Team Foundation Server 2013 Update 3 Object Model (x64)
    Microsoft Team Foundation Server 2013 Update 3 Object Model Language Pack (x64) - ENU
    Microsoft Visual C++ ARM Libraries
    Microsoft Visual C++ x64-arm Cross Compilers
    Microsoft Visual C++ x64-arm Cross Compilers - ENU Resources
    Microsoft Visual C++ x64-x86 Cross Compilers
    Microsoft Visual C++ x64-x86 Cross Compilers - ENU Resources
    Microsoft Visual C++ x64 Libraries
    Microsoft Visual C++ x64 Native Compilers
    Microsoft Visual C++ x64 Native Compilers - ENU Resources
    Microsoft Visual C++ x86 Libraries
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
    Microsoft Visual C++ 2012 Compilers
    Microsoft Visual C++ 2012 Compilers - ENU Resources
    Microsoft Visual C++ 2012 Core Libraries
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86-x64 Compilers
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2013 x64 Designtime - 12.0.21005
    Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
    Microsoft Visual C++ 2013 Compilers
    Microsoft Visual C++ 2013 Compilers - ENU Resources
    Microsoft Visual C++ 2013 Core Libraries
    Microsoft Visual C++ 2013 Extended Libraries
    Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86-x64 Compilers
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio 2013 Devenv
    Microsoft Visual Studio 2013 Devenv Resources
    Microsoft Visual Studio 2013 Diagnostic Tools - amd64
    Microsoft Visual Studio 2013 Diagnostic Tools - x86
    Microsoft Visual Studio 2013 Performance Collection Tools
    Microsoft Visual Studio 2013 Performance Collection Tools - ENU
    Microsoft Visual Studio 2013 Preparation
    Microsoft Visual Studio 2013 Profiling Tools
    Microsoft Visual Studio 2013 Shell (Minimum)
    Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
    Microsoft Visual Studio 2013 Shell (Minimum) Resources
    Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
    Microsoft Visual Studio 2013 VsGraphics Helper Dependencies
    Microsoft Visual Studio 2013 XAML UI Designer
    Microsoft Visual Studio 2013 XAML UI Designer - ENU
    Microsoft Visual Studio Professional 2013
    Microsoft Visual Studio Professional 2013 - ENU
    Microsoft Visual Studio Professional 2013 with Update 3
    Microsoft Web Deploy 3.5
    Mozilla Firefox 32.0.3 (x86 en-GB)
    Mozilla Maintenance Service
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    Open XML SDK 2.5 for Microsoft Office
    paint.net
    PC Tune-Up
    PreEmptive Analytics Visual Studio Components
    Prerequisites for SSDT
    Python Tools Redirection Template
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    SDK de comprobación de Visual Studio 2012 - esn
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    SharePoint Client Components
    Skype™ 6.18
    Team Explorer for Microsoft Visual Studio 2013
    TypeScript Power Tool
    TypeScript Tools for Microsoft Visual Studio 2013
    Update for (KB2504637)
    Visual F# 3.1 SDK
    Visual F# 3.1 VS
    Visual Studio 2012-Verifizierungs-SDK - deu
    Visual Studio 2012 ?? SDK - cht
    Visual Studio 2012 ??? ?? SDK - kor
    Visual Studio 2012 Verification SDK
    Visual Studio 2012 Verification SDK - chs
    Visual Studio 2012 Verification SDK - enu
    Visual Studio 2012 Verification SDK - ita
    Visual Studio 2012 Verification SDK - jpn
    Visual Studio 2013 Prerequisites
    Visual Studio 2013 Prerequisites - ENU Language Pack
    Visual Studio 2013 Update 3 (KB2829760)
    Visual Studio Extensions for Windows Library for JavaScript
    VS Update core components
    WCF Data Services 5.6.0 Runtime
    WCF Data Services Tools for Microsoft Visual Studio 2013
    WCF RIA Services V1.0 SP2
    Windows App Certification Kit Native Components
    Windows App Certification Kit x64
    Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1
    Windows Phone 8.1 SDK - ARM
    Windows Phone 8.1 SDK - Desktop
    Windows Phone 8.1 SDK - x64
    Windows Phone 8.1 SDK - x86
    Windows Phone 8.1 Tools for Visual Studio 2013
    Windows Phone 8.1 Tools for Visual Studio 2013 - ENU
    Windows Phone 8.1 Tools for Visual Studio Professional 2013
    Windows Phone 8.1 Tools for Visual Studio Professionald 2013 - ENU
    Windows Phone SDK 8.0 Assemblies
    Windows Runtime Intellisense Content - en-us
    Windows Software Development Kit
    Windows Software Development Kit DirectX x64 Remote
    Windows Software Development Kit DirectX x86 Remote
    Windows Software Development Kit for Windows Store Apps
    Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
    Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
    Windows XP Targeting with C++
    Workflow Manager Client 1.0
    Workflow Manager Tools 1.0 for Visual Studio
    ZoneAlarm Antivirus
    ZoneAlarm Extreme Security
    ZoneAlarm Find My Laptop
    ZoneAlarm Firewall
    ZoneAlarm Security
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  3. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    Ok, just in case this helps I forgot to mention something in the original post.

    the site I was re-directed to was

    http://www. wkwindowsflash. com/ flash / gb / index.html?sid=284&dv1=ad278-gb&kw1=ad278-gb-xx&uuid=1c287549-9df0-4641-7e04-07c8b4d884f5

    spaces have been placed to disable automatically creating a link.

    when redirected the file that zone alarm picked up was 5EK5Ucse.exe.part

    this was located in the Appdata/local/temp folder.

    ---------------------------------------------------------------------------------------------------------------

    also when trying to download RogueKiller I think I was either tricked b an add with the download button (litrally just that. I didn't download anything but I was taken to

    http://www. open-any-file. com/ file-opener / gb / oc / ?adnm=54348312905&I=s&grid=Yellow&lg=EN&cc=GB&clg=en&c=1&d=0&cid=_509773421&kw=7z%20zip&mt=&mn=www.bleepingcomputer.com&ct=&nt=D&expr=&ap=none&dv=c&color=yellow&agid=_5282531978

    also when I first tried to download Malwarebytes Anti-Rootkit, it tried to re-direct me.

    ok, here are the logs.

    RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Luke Fitton [Administrator]
    Mode : Delete -- Date : 10/18/2014 12:06:44

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 14 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-126465478-2479770431-1784574984-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-126465478-2479770431-1784574984-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SanDisk SD6SB2M128G1022I SATA Disk Device +++++
    --- User ---
    [MBR] 94ce0cb5e85b9c4efd4cf30e9ed6f673
    [BSP] d975e2e02d4507ff7b08e9457aaa8123 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 106 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 224910 | Size: 121991 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST500DM0 02-1BD142 SATA Disk Device +++++
    --- User ---
    [MBR] d6f5acef9c6b8b7e3b738ffb0803a1b6
    [BSP] 8e2ac2cefdb9b6cc91637f99822c97ed : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_09042014_101719.log - RKreport_SCN_09042014_101607.log - RKreport_SCN_10182014_120514.log

    -----------------------------------------------------------------------



    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.10.18.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17358
    Luke Fitton :: LUKEFITTON-PC [administrator]

    18/10/2014 12:13:12
    mbar-log-2014-10-18 (12-13-12).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 371328
    Time elapsed: 12 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    --------------------------------------------------

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17358

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 3.015000 GHz
    Memory total: 8527872000, free: 5680582656

    Downloaded database version: v2014.10.18.04
    Downloaded database version: v2014.10.17.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    10/18/2014 12:13:01
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\DRIVERS\kl1.sys
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\iusb3hcs.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\klif.sys
    \SystemRoot\system32\DRIVERS\klflt.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\kltdi.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\vsdatant.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\SysWow64\drivers\AsIO.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\amdxhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\amdhub30.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtihdW76.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \??\C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\kneps.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\gdi32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\user32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\wininet.dll
    \Windows\System32\psapi.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\ole32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\lpk.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\shell32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\imm32.dll
    \Windows\System32\msctf.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\userenv.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\devobj.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\msasn1.dll
    \Windows\System32\profapi.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8006db2060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000066\
    Lower Device Object: 0xfffffa80068617a0
    Lower Device Driver Name: \Driver\amd_sata\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006db1060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000065\
    Lower Device Object: 0xfffffa800685f2c0
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006db1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006db1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006db1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8006865ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa800685f2c0, DeviceName: \Device\00000065\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: BD10C7F8

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 217088
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 224910 Numsec = 249838771

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 128035676160 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8006db2060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006db2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006db2060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8006867040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa80068617a0, DeviceName: \Device\00000066\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B0F614C8

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 976766976

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished


    -----------------------------------
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  5. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    ComboFix 14-10-15.01 - Luke Fitton 19/10/2014 11:44:12.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8133.5920 [GMT 1:00]
    Running from: c:\users\Luke Fitton\Desktop\ComboFix.exe
    FW: ZoneAlarm Extreme Security Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-09-19 to 2014-10-19 )))))))))))))))))))))))))))))))
    .
    .
    2014-10-19 10:48 . 2014-10-19 10:48 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-10-19 10:48 . 2014-10-19 10:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-10-18 11:01 . 2014-10-18 11:01 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-17 09:45 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01C79011-F4F0-4202-8DE7-E1238FBA760A}\mpengine.dll
    2014-10-15 10:53 . 2014-09-19 01:01 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-10-15 10:50 . 2014-08-30 02:10 6583296 ----a-w- c:\windows\system32\mstscax.dll
    2014-09-29 10:07 . 2014-09-29 10:07 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
    2014-09-29 10:07 . 2014-09-29 10:07 -------- d-----r- c:\users\Luke Fitton\OneDrive
    2014-09-29 10:07 . 2014-09-29 10:07 -------- d-----w- c:\programdata\Microsoft OneDrive
    2014-09-29 09:34 . 2014-09-29 09:34 -------- d-----w- c:\users\Luke Fitton\AppData\Local\LogMeIn Rescue Applet
    2014-09-21 14:06 . 2014-09-21 14:06 -------- d-----w- c:\users\Luke Fitton\AppData\Roaming\NuGet
    2014-09-21 12:50 . 2014-09-21 12:50 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
    2014-09-21 12:48 . 2014-09-21 12:48 -------- d-----w- c:\program files (x86)\Windows Phone Silverlight Kits
    2014-09-21 12:48 . 2014-09-21 12:56 2941888 ----a-w- c:\programdata\Microsoft\VisualStudio\12.0\1033\ResourceCache.dll
    2014-09-21 12:46 . 2014-09-21 12:46 -------- d-----w- c:\program files (x86)\Microsoft XDE
    2014-09-21 12:40 . 2014-09-21 12:40 -------- d-----w- c:\program files (x86)\AppInsights
    2014-09-21 12:37 . 2014-09-21 12:37 -------- d-----w- c:\program files (x86)\Windows Phone Kits
    2014-09-21 12:20 . 2014-09-21 12:20 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2014-09-21 12:19 . 2014-09-21 12:19 -------- d-----w- c:\program files (x86)\Workflow Manager Tools
    2014-09-21 12:19 . 2014-09-21 12:19 -------- d-----w- c:\program files (x86)\Open XML SDK
    2014-09-21 12:19 . 2014-09-21 12:19 -------- d-----w- c:\program files\Microsoft Identity Extensions
    2014-09-21 12:18 . 2014-09-21 12:18 -------- d-----w- c:\program files\Windows Identity Foundation
    2014-09-21 12:18 . 2014-09-21 12:18 -------- d-----w- c:\program files (x86)\Windows Identity Foundation
    2014-09-21 12:18 . 2014-09-21 12:18 -------- d-----w- c:\program files\SharePoint Client Components
    2014-09-21 12:18 . 2014-09-21 12:18 -------- d-----w- c:\program files (x86)\Microsoft
    2014-09-21 12:17 . 2014-09-21 12:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2014-09-21 12:17 . 2014-09-21 12:17 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2014-09-21 12:13 . 2014-09-21 12:13 -------- d-----w- c:\program files\Application Verifier
    2014-09-21 12:13 . 2014-09-21 12:13 -------- d-----w- c:\program files (x86)\Application Verifier
    2014-09-21 12:12 . 2014-09-21 12:44 -------- d-----w- c:\programdata\Windows App Certification Kit
    2014-09-21 12:10 . 2014-09-21 12:10 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
    2014-09-21 12:05 . 2014-09-21 12:05 -------- d-----w- c:\programdata\PreEmptive Solutions
    2014-09-21 12:01 . 2014-09-21 12:03 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
    2014-09-21 12:00 . 2014-09-21 12:00 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
    2014-09-21 11:59 . 2014-09-21 12:41 -------- d-----w- c:\program files\IIS Express
    2014-09-21 11:59 . 2014-09-21 12:41 -------- d-----w- c:\program files (x86)\IIS Express
    2014-09-21 11:58 . 2014-09-21 11:58 -------- d-----w- c:\programdata\NuGet
    2014-09-21 11:58 . 2014-09-21 11:58 -------- d-----w- c:\program files (x86)\NuGet
    2014-09-21 11:58 . 2014-09-21 11:58 -------- d-----w- c:\program files (x86)\Microsoft WCF Data Services
    2014-09-21 11:58 . 2014-09-21 11:58 -------- d-----w- c:\program files\IIS
    2014-09-21 11:58 . 2014-09-21 11:58 -------- d-----w- c:\program files (x86)\IIS
    2014-09-21 11:55 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
    2014-09-21 11:54 . 2014-09-21 12:08 -------- d-----w- c:\program files (x86)\Windows Kits
    2014-09-21 11:01 . 2014-10-18 11:15 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
    2014-09-21 11:01 . 2014-09-21 11:01 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2014-09-21 10:54 . 2014-10-18 11:14 -------- d-----w- c:\program files\Microsoft Office 15
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-10-18 11:13 . 2014-06-27 11:54 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-18 11:11 . 2014-06-27 11:54 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-15 15:26 . 2014-04-25 15:19 103265616 ----a-w- c:\windows\system32\MRT.exe
    2014-09-24 13:23 . 2014-07-24 11:26 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-24 13:23 . 2014-07-24 11:26 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-09-15 08:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-12 13:12 . 2014-09-12 13:12 122584 ----a-w- c:\windows\system32\drivers\7D835EB5.sys
    2014-09-04 09:09 . 2014-09-04 09:09 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
    2014-09-01 12:03 . 2014-09-01 12:03 122584 ----a-w- c:\windows\system32\drivers\609A1B00.sys
    2014-08-23 02:07 . 2014-08-28 09:58 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-23 01:45 . 2014-08-28 09:58 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-08-13 10:21 . 2014-09-10 15:47 646280 ----a-w- c:\windows\system32\AntiTheftCredentialProvider.dll
    2014-08-13 09:16 . 2014-08-13 09:16 450456 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2014-07-25 01:35 . 2014-07-25 01:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
    2014-07-24 22:47 . 2014-07-24 22:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2014-07-23 01:27 . 2014-07-23 01:27 699544 ----a-w- c:\windows\SysWow64\PUGAExperiment.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\SDKFilesVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\addons\NonSDKAddonVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\3082\NonSDKAddonLangVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\2052\NonSDKAddonLangVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\1049\NonSDKAddonLangVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\1042\NonSDKAddonLangVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\1041\NonSDKAddonLangVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\1040\NonSDKAddonLangVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\1036\NonSDKAddonLangVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\1033\NonSDKAddonLangVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\1031\NonSDKAddonLangVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 18080 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\12.0\1028\NonSDKAddonLangVer.dll
    2014-07-23 01:27 . 2014-07-23 01:27 1769632 ----a-w- c:\windows\SysWow64\VsGraphicsHelper.dll
    2014-07-22 20:17 . 2014-07-22 20:17 3036320 ----a-w- c:\windows\system32\VSGraphicsHelper.dll
    2014-07-22 20:17 . 2014-07-22 20:17 1359520 ----a-w- c:\windows\system32\PUGAExperiment.dll
    2014-07-22 14:14 . 2014-07-22 14:14 137376 ----a-w- c:\windows\system32\vcomp120.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-09-29 10:07 222920 ----a-w- c:\users\Luke Fitton\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-09-29 10:07 222920 ----a-w- c:\users\Luke Fitton\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-09-29 10:07 222920 ----a-w- c:\users\Luke Fitton\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21646944]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-08-13 137352]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-08-15 292848]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-15 767200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableSecureUIAPath"= 1 (0x1)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
    R3 icsak;icsak;c:\program files (x86)\CheckPoint\AKL\ak\icsak.sys;c:\program files (x86)\CheckPoint\AKL\ak\icsak.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
    R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
    S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]
    S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe;c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [x]
    S2 ISWKL;ZoneAlarm AntiKeylogger ISWKL;c:\program files (x86)\CheckPoint\AKL\ISWKL.sys;c:\program files (x86)\CheckPoint\AKL\ISWKL.sys [x]
    S2 IswSvc;ZoneAlarm AntiKeylogger IswSvc;c:\program files (x86)\CheckPoint\AKL\AkSVC.exe;c:\program files (x86)\CheckPoint\AKL\AkSVC.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [x]
    S2 ZoneAlarm AntiTheft;ZoneAlarm AntiTheft;c:\program files (x86)\CheckPoint\AntiTheft\Antitheft.exe;c:\program files (x86)\CheckPoint\AntiTheft\Antitheft.exe [x]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-24 13:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-09-29 10:07 261832 ----a-w- c:\users\Luke Fitton\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-09-29 10:07 261832 ----a-w- c:\users\Luke Fitton\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-09-29 10:07 261832 ----a-w- c:\users\Luke Fitton\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-11-04 7204568]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-04 770032]
    "NUSB3MON"="c:\program files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 97280]
    "ISW"="c:\program files (x86)\CheckPoint\AKL\AkSA.exe" [2014-07-17 935544]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-04 391152]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-04 771056]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Luke Fitton\AppData\Roaming\Mozilla\Firefox\Profiles\ahruq7t2.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-10-19 11:51:17
    ComboFix-quarantined-files.txt 2014-10-19 10:51
    .
    Pre-Run: 72,193,503,232 bytes free
    Post-Run: 71,825,092,608 bytes free
    .
    - - End Of File - - 90AE9E0E7F29A4E5C15696B8E595518F
    A36C5E4F47E84449FF07ED3517B43A31
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  7. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    # AdwCleaner v4.000 - Report created 20/10/2014 at 15:30:15
    # DB v2014-10-19.11
    # Updated 12/10/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Luke Fitton - LUKEFITTON-PC
    # Running from : C:\Users\Luke Fitton\Desktop\adwcleaner_4.000.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344


    -\\ Mozilla Firefox v32.0.3 (x86 en-GB)


    *************************

    AdwCleaner[R0].txt - [769 octets] - [20/10/2014 15:27:36]
    AdwCleaner[S0].txt - [684 octets] - [20/10/2014 15:30:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [743 octets] ##########

    -----------------------------------------------------

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.3 (10.14.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Luke Fitton on 20/10/2014 at 15:34:47.41
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-126465478-2479770431-1784574984-1002\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Luke Fitton\AppData\Roaming\mozilla\firefox\profiles\ahruq7t2.default\minidumps [21 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 20/10/2014 at 15:39:04.79
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    -------------------------------------------------

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014
    Ran by Luke Fitton (administrator) on LUKEFITTON-PC on 20-10-2014 15:43:23
    Running from C:\Users\Luke Fitton\Desktop
    Loaded Profile: Luke Fitton (Available profiles: Luke Fitton)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
    (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
    HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [935544 2014-07-17] (Check Point Software Technologies LTD)
    HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-15] (Advanced Micro Devices, Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-126465478-2479770431-1784574984-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21646944 2014-07-24] (Skype Technologies S.A.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x939E0174CBDBCF01
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Luke Fitton\AppData\Roaming\Mozilla\Firefox\Profiles\ahruq7t2.default
    FF Homepage: https://www.google.co.uk/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF Extension: WOT - C:\Users\Luke Fitton\AppData\Roaming\Mozilla\Firefox\Profiles\ahruq7t2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-09]

    Chrome:
    =======

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-15] (Advanced Micro Devices, Inc.) [File not signed]
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
    S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
    R2 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1144952 2014-07-17] (Check Point Software Technologies LTD)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
    S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
    R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
    R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
    R2 ZoneAlarm AntiTheft; C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [3129992 2014-08-13] (Check Point Software Technologies Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    S3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-07-17] (Check Point Software Technologies LTD)
    R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2014-07-17] (Check Point Software Technologies LTD)
    R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-11] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-11] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-06-11] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2014-06-11] (Kaspersky Lab)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2014-06-11] (Kaspersky Lab ZAO)
    S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-18] ()
    U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-04] ()
    R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-20 15:43 - 2014-10-20 15:44 - 00011857 _____ () C:\Users\Luke Fitton\Desktop\FRST.txt
    2014-10-20 15:43 - 2014-10-20 15:43 - 00000000 ____D () C:\FRST
    2014-10-20 15:42 - 2014-10-20 15:42 - 02111488 _____ (Farbar) C:\Users\Luke Fitton\Desktop\FRST64.exe
    2014-10-20 15:39 - 2014-10-20 15:39 - 00001496 _____ () C:\Users\Luke Fitton\Desktop\JRT.txt
    2014-10-20 15:34 - 2014-10-20 15:34 - 01705698 _____ (Thisisu) C:\Users\Luke Fitton\Desktop\JRT.exe
    2014-10-20 15:31 - 2014-10-20 15:31 - 00000822 _____ () C:\Users\Luke Fitton\Desktop\AdwCleaner[S0].txt
    2014-10-20 15:27 - 2014-10-20 15:30 - 00000000 ____D () C:\AdwCleaner
    2014-10-20 15:26 - 2014-10-20 15:26 - 01976320 _____ () C:\Users\Luke Fitton\Desktop\adwcleaner_4.000.exe
    2014-10-20 11:17 - 2014-10-20 11:18 - 00000000 ____D () C:\Users\Luke Fitton\AppData\OICE_15_974FA576_32C1D314_2495
    2014-10-19 11:51 - 2014-10-19 11:51 - 00026169 _____ () C:\ComboFix.txt
    2014-10-19 11:42 - 2014-10-19 11:51 - 00000000 ____D () C:\Qoobox
    2014-10-19 11:42 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-10-19 11:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-10-19 11:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-10-19 11:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-10-19 11:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-10-19 11:42 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-10-19 11:42 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-10-19 11:42 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-10-19 11:40 - 2014-10-19 11:40 - 05583559 ____R (Swearware) C:\Users\Luke Fitton\Desktop\ComboFix.exe
    2014-10-18 12:10 - 2014-10-18 13:02 - 00000000 ____D () C:\Users\Luke Fitton\Desktop\mbar
    2014-10-18 12:10 - 2014-10-18 12:10 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Luke Fitton\Desktop\mbar-1.07.0.1012.exe
    2014-10-18 12:07 - 2014-10-18 12:07 - 00004159 _____ () C:\Users\Luke Fitton\Desktop\RKreport_DEL_10182014_120644.log
    2014-10-18 12:01 - 2014-10-18 12:01 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-10-18 11:59 - 2014-10-18 11:59 - 15725144 _____ () C:\Users\Luke Fitton\Desktop\RogueKiller.exe
    2014-10-17 17:43 - 2014-10-17 17:43 - 00021840 _____ () C:\Users\Luke Fitton\Desktop\dds.txt
    2014-10-17 17:43 - 2014-10-17 17:43 - 00013232 _____ () C:\Users\Luke Fitton\Desktop\attach.txt
    2014-10-17 17:42 - 2014-10-17 17:42 - 00688992 ____R (Swearware) C:\Users\Luke Fitton\Desktop\dds.com
    2014-10-15 11:54 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-15 11:54 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2014-10-15 11:54 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2014-10-15 11:54 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2014-10-15 11:54 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2014-10-15 11:54 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2014-10-15 11:54 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2014-10-15 11:54 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2014-10-15 11:54 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2014-10-15 11:54 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2014-10-15 11:54 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2014-10-15 11:54 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2014-10-15 11:54 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2014-10-15 11:54 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2014-10-15 11:54 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2014-10-15 11:54 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2014-10-15 11:54 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-10-15 11:54 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2014-10-15 11:54 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2014-10-15 11:54 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2014-10-15 11:54 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2014-10-15 11:54 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2014-10-15 11:54 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2014-10-15 11:54 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2014-10-15 11:54 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2014-10-15 11:54 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2014-10-15 11:54 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2014-10-15 11:54 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2014-10-15 11:54 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2014-10-15 11:54 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2014-10-15 11:54 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-10-15 11:54 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-10-15 11:54 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2014-10-15 11:54 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2014-10-15 11:54 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2014-10-15 11:54 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2014-10-15 11:54 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2014-10-15 11:54 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2014-10-15 11:54 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-15 11:54 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-15 11:54 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-15 11:54 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-15 11:54 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-15 11:54 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-15 11:53 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-15 11:53 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-15 11:53 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-15 11:53 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-15 11:53 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-15 11:53 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-15 11:53 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-15 11:53 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-15 11:53 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-15 11:53 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-15 11:53 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-15 11:53 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-15 11:53 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-15 11:53 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-15 11:53 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-15 11:53 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-15 11:53 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-15 11:53 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-15 11:53 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-15 11:53 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-15 11:53 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-15 11:53 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-15 11:53 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-15 11:53 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-15 11:53 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-15 11:53 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-15 11:53 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-15 11:53 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-15 11:53 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-15 11:53 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-15 11:53 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-15 11:53 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-15 11:53 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-15 11:53 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-15 11:53 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-15 11:53 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-15 11:53 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-15 11:53 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-15 11:53 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-15 11:53 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-15 11:53 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-15 11:53 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-15 11:53 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-15 11:53 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-15 11:53 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-15 11:53 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-15 11:53 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-15 11:53 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-15 11:53 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-15 11:53 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-15 11:53 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-15 11:53 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-15 11:53 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-15 11:53 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-15 11:53 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-15 11:53 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-15 11:50 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-15 11:50 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-15 11:50 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-15 11:50 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-15 11:50 - 2014-08-30 03:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-15 11:50 - 2014-08-30 02:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-15 11:50 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-15 11:50 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-15 11:50 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-15 11:50 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-15 11:50 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-15 11:50 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-15 11:50 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-15 11:50 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-15 11:50 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-15 11:50 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-15 11:50 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-15 11:50 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-15 11:50 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-10-15 11:50 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-10-15 11:50 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-10-15 11:50 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-10-15 11:50 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-10-15 11:50 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-10-15 11:50 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-10-15 11:50 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-09-29 11:07 - 2014-09-29 11:07 - 00002154 _____ () C:\Users\Luke Fitton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-09-29 11:07 - 2014-09-29 11:07 - 00002100 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-09-29 11:07 - 2014-09-29 11:07 - 00002100 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-09-29 11:07 - 2014-09-29 11:07 - 00000000 ___RD () C:\Users\Luke Fitton\OneDrive
    2014-09-29 11:07 - 2014-09-29 11:07 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
    2014-09-29 11:07 - 2014-09-29 11:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
    2014-09-29 10:43 - 2014-09-29 10:43 - 00000103 _____ () C:\Users\Luke Fitton\Desktop\REJOIN LINK.txt
    2014-09-29 10:34 - 2014-09-29 10:34 - 00000000 ____D () C:\Users\Luke Fitton\AppData\Local\LogMeIn Rescue Applet
    2014-09-25 13:35 - 2014-09-25 13:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-09-21 15:06 - 2014-09-21 15:06 - 00000000 ____D () C:\Users\Luke Fitton\AppData\Roaming\NuGet
    2014-09-21 14:56 - 2014-09-21 14:56 - 00000029 _____ () C:\Users\Luke Fitton\Desktop\VS2013 key.txt
    2014-09-21 13:50 - 2014-09-21 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
    2014-09-21 13:50 - 2014-09-21 13:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
    2014-09-21 13:48 - 2014-09-21 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
    2014-09-21 13:48 - 2014-09-21 13:48 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits
    2014-09-21 13:46 - 2014-09-21 15:39 - 00000000 ____D () C:\Users\Luke Fitton\Documents\Visual Studio 2013
    2014-09-21 13:46 - 2014-09-21 13:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE
    2014-09-21 13:40 - 2014-09-21 13:40 - 00000000 ____D () C:\Program Files (x86)\AppInsights
    2014-09-21 13:37 - 2014-09-21 13:37 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits
    2014-09-21 13:21 - 2014-09-21 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-09-21 13:20 - 2014-09-21 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
    2014-09-21 13:20 - 2014-09-21 13:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-09-21 13:19 - 2014-09-21 13:19 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions
    2014-09-21 13:19 - 2014-09-21 13:19 - 00000000 ____D () C:\Program Files (x86)\Workflow Manager Tools
    2014-09-21 13:19 - 2014-09-21 13:19 - 00000000 ____D () C:\Program Files (x86)\Open XML SDK
    2014-09-21 13:18 - 2014-09-21 13:18 - 00000000 ____D () C:\Program Files\Windows Identity Foundation
    2014-09-21 13:18 - 2014-09-21 13:18 - 00000000 ____D () C:\Program Files (x86)\Windows Identity Foundation
    2014-09-21 13:17 - 2014-09-21 13:17 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
    2014-09-21 13:17 - 2014-09-21 13:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-09-21 13:13 - 2014-09-21 13:13 - 00000000 ____D () C:\Program Files\Application Verifier
    2014-09-21 13:13 - 2014-09-21 13:13 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
    2014-09-21 13:12 - 2014-09-21 13:44 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
    2014-09-21 13:10 - 2014-09-21 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
    2014-09-21 13:05 - 2014-09-21 13:05 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
    2014-09-21 13:01 - 2014-09-21 13:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
    2014-09-21 13:00 - 2014-09-21 13:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
    2014-09-21 12:59 - 2014-09-21 13:41 - 00000000 ____D () C:\Program Files\IIS Express
    2014-09-21 12:59 - 2014-09-21 13:41 - 00000000 ____D () C:\Program Files (x86)\IIS Express
    2014-09-21 12:58 - 2014-09-21 12:58 - 00000000 ____D () C:\ProgramData\NuGet
    2014-09-21 12:58 - 2014-09-21 12:58 - 00000000 ____D () C:\Program Files\IIS
    2014-09-21 12:58 - 2014-09-21 12:58 - 00000000 ____D () C:\Program Files (x86)\NuGet
    2014-09-21 12:58 - 2014-09-21 12:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
    2014-09-21 12:58 - 2014-09-21 12:58 - 00000000 ____D () C:\Program Files (x86)\IIS
    2014-09-21 12:56 - 2014-09-21 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
    2014-09-21 12:55 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2014-09-21 12:54 - 2014-09-21 13:08 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
    2014-09-21 12:48 - 2014-09-21 12:48 - 00000000 ____D () C:\Windows\symbols
    2014-09-21 12:48 - 2014-09-21 12:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
    2014-09-21 12:48 - 2014-09-21 12:48 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
    2014-09-21 12:40 - 2014-09-21 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
    2014-09-21 12:40 - 2014-09-21 13:17 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
    2014-09-21 12:40 - 2014-09-21 13:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
    2014-09-21 12:40 - 2014-09-21 12:53 - 00000000 ____D () C:\Windows\SysWOW64\1033
    2014-09-21 12:27 - 2014-09-21 13:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
    2014-09-21 12:27 - 2014-09-21 13:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
    2014-09-21 12:27 - 2014-09-21 12:41 - 00000000 ____D () C:\Windows\system32\1033
    2014-09-21 12:27 - 2014-09-21 12:27 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0
    2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ___RD () C:\MSOCache
    2014-09-21 12:01 - 2014-09-21 12:01 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2014-09-21 12:01 - 2014-09-21 12:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2014-09-21 11:57 - 2014-09-29 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2014-09-21 11:54 - 2014-10-18 12:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-20 15:39 - 2009-07-14 06:13 - 00781626 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-20 15:38 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-20 15:38 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-20 15:35 - 2014-09-05 10:13 - 00000000 ____D () C:\Users\Luke Fitton\AppData\Local\CrashDumps
    2014-10-20 15:34 - 2014-06-20 14:24 - 01076444 _____ () C:\Windows\WindowsUpdate.log
    2014-10-20 15:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-20 15:30 - 2010-11-21 04:47 - 00054708 _____ () C:\Windows\PFRO.log
    2014-10-20 15:30 - 2009-07-14 05:51 - 00047715 _____ () C:\Windows\setupact.log
    2014-10-20 15:23 - 2014-07-24 12:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-19 12:15 - 2014-09-11 13:17 - 00000000 ____D () C:\Windows\System32\Tasks\Games
    2014-10-19 12:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-19 11:51 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-10-19 11:48 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
    2014-10-18 13:02 - 2014-07-11 15:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-10-18 12:13 - 2014-06-27 12:54 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-18 12:11 - 2014-06-27 12:54 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-16 10:23 - 2009-07-14 05:45 - 00357992 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-16 10:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-10-16 10:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-10-15 16:29 - 2014-04-25 16:19 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-15 16:26 - 2014-04-25 16:19 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-10-15 11:40 - 2009-07-14 06:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-10-14 11:13 - 2014-07-09 09:48 - 00016249 ____H () C:\Windows\SysWOW64\BTImages.dat
    2014-10-06 16:47 - 2014-07-09 10:00 - 00000000 ____D () C:\Users\Luke Fitton\AppData\Roaming\Skype
    2014-09-29 11:17 - 2014-06-25 18:01 - 00076336 _____ () C:\Users\Luke Fitton\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-09-29 11:07 - 2014-06-25 17:43 - 00000000 ____D () C:\Users\Luke Fitton
    2014-09-26 11:10 - 2014-07-09 09:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-09-24 14:23 - 2014-07-24 12:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-24 14:23 - 2014-07-24 12:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-24 14:23 - 2014-07-24 12:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-23 16:05 - 2014-07-09 15:02 - 00000026 _____ () C:\Users\Luke Fitton\Desktop\work notes.txt
    2014-09-21 13:53 - 2014-06-25 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-09-21 13:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-09-21 13:04 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild
    2014-09-21 12:27 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild

    Some content of TEMP:
    ====================
    C:\Users\Luke Fitton\AppData\Local\Temp\Quarantine.exe
    C:\Users\Luke Fitton\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-19 12:08

    ==================== End Of Log ============================

    -----------------------------------------------------
     
  8. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014
    Ran by Luke Fitton at 2014-10-20 15:45:05
    Running from C:\Users\Luke Fitton\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
    AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Extreme Security Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    AMD Accelerated Video Transcoding (Version: 13.30.100.40415 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Control Center (x32 Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{F5B2C61F-1C10-FD9B-C29C-D8B88C9849CF}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
    AMD Fuel (Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
    AMD USB 3.0 Device Detector (Version: 2.1.29.0 - Advanced Micro Devices, Inc.) Hidden
    AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
    Application Insights Tools for Visual Studio 2013 (x32 Version: 2.1 - Microsoft Corporation) Hidden
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
    AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
    Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
    Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
    Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
    Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
    Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
    Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
    Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
    Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
    FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
    IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
    Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
    LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
    LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
    LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Memory Profiler (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft Access 2013 - en-us (HKLM\...\AccessRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
    Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
    Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
    Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
    Microsoft Visual Studio Professional 2013 with Update 3 (HKLM-x32\...\{ec85bfda-a752-4fe6-b9ad-f4c42d6ff44b}) (Version: 12.0.30723 - Microsoft Corporation)
    Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
    Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
    paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
    PC Tune-Up (x32 Version: 2.2.0.1 - ZoneAlarm) Hidden
    PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
    Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Python Tools Redirection Template (x32 Version: 1.2 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
    SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
    SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
    Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
    Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Visual F# 3.1 SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Visual F# 3.1 VS (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Visual Studio 2012 Verification SDK - chs (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
    Visual Studio 2012 Verification SDK - enu (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
    Visual Studio 2012 Verification SDK - ita (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
    Visual Studio 2012 Verification SDK - jpn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
    Visual Studio 2012 Verification SDK (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Visual Studio 2012 유효성 검사 SDK - kor (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
    Visual Studio 2012 驗證 SDK - cht (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
    Visual Studio 2012-Verifizierungs-SDK - deu (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
    Visual Studio 2013 Prerequisites - ENU Language Pack (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Visual Studio 2013 Prerequisites (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation)
    Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 2.1.30723.00 - Microsoft Corporation) Hidden
    VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
    WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
    Windows App Certification Kit Native Components (Version: 8.100.26629 - Microsoft Corporation) Hidden
    Windows App Certification Kit x64 (x32 Version: 8.100.26795 - Microsoft Corporation) Hidden
    Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1 (x32 Version: 2.1.10909.1601 - Microsoft) Hidden
    Windows Phone 8.1 SDK - ARM (x32 Version: 8.1.12358 - Microsoft Corporation) Hidden
    Windows Phone 8.1 SDK - Desktop (x32 Version: 8.1.12358 - Microsoft Corporation) Hidden
    Windows Phone 8.1 SDK - x64 (Version: 8.1.12358 - Microsoft Corporation) Hidden
    Windows Phone 8.1 SDK - x86 (x32 Version: 8.1.12358 - Microsoft Corporation) Hidden
    Windows Phone 8.1 Tools for Visual Studio 2013 - ENU (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Windows Phone 8.1 Tools for Visual Studio 2013 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Windows Phone 8.1 Tools for Visual Studio Professional 2013 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Windows Phone 8.1 Tools for Visual Studio Professionald 2013 - ENU (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Windows Phone SDK 8.0 Assemblies (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Windows Runtime Intellisense Content - en-us (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
    Windows Software Development Kit (x32 Version: 8.100.26831 - Microsoft Corporation) Hidden
    Windows Software Development Kit (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
    Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
    Windows Software Development Kit DirectX x64 Remote (Version: 8.59.29989 - Microsoft Corporation) Hidden
    Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
    Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
    Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.26831 - Microsoft Corporation) Hidden
    Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
    Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.26831 - Microsoft Corporation) Hidden
    Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.26831 - Microsoft Corporation) Hidden
    Windows XP Targeting with C++ (Version: 11.0.51106 - Microsoft Corporation) Hidden
    Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
    Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
    Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
    ZoneAlarm Antivirus (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Extreme Security (HKLM-x32\...\ZoneAlarm Extreme Security) (Version: 13.3.209.000 - Check Point)
    ZoneAlarm Find My Laptop (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
    Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-126465478-2479770431-1784574984-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Luke Fitton\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-126465478-2479770431-1784574984-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Luke Fitton\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-126465478-2479770431-1784574984-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Luke Fitton\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-126465478-2479770431-1784574984-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Luke Fitton\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-126465478-2479770431-1784574984-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Luke Fitton\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    21-09-2014 11:21:46 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    21-09-2014 11:22:22 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    21-09-2014 11:55:04 Installed DirectX
    21-09-2014 12:18:30 Windows Update
    26-09-2014 10:23:12 Windows Update
    30-09-2014 09:22:29 Windows Update
    03-10-2014 10:20:12 Windows Update
    07-10-2014 09:27:53 Windows Update
    14-10-2014 10:12:20 Windows Update
    15-10-2014 15:26:35 Windows Update
    18-10-2014 11:08:31 infection

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0BEB7EC8-99E8-42FE-AEA3-CFBDD943DCAF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
    Task: {5EB4BAF0-AC35-47F4-ADFC-F10D262DA1F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
    Task: {AA99156D-DF39-439D-9B71-D4C74E1E4137} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
    Task: {BE0B2F9B-DFF9-4DEF-BDB0-969D31BA19A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-06-20 14:39 - 2013-05-07 08:45 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
    2014-09-21 11:54 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-04-15 22:28 - 2014-04-15 22:28 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2014-10-18 12:13 - 2014-09-09 15:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2014-06-20 14:39 - 2014-10-20 15:31 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
    2014-06-20 14:39 - 2013-05-07 08:45 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
    2014-06-20 14:32 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-09-25 13:35 - 2014-09-25 13:35 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-09-10 13:23 - 2014-09-10 13:23 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-126465478-2479770431-1784574984-500 - Administrator - Disabled)
    Guest (S-1-5-21-126465478-2479770431-1784574984-501 - Limited - Disabled)
    Luke Fitton (S-1-5-21-126465478-2479770431-1784574984-1002 - Administrator - Enabled) => C:\Users\Luke Fitton

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-10-01 10:20:03.438
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-01 10:20:03.437
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-01 10:20:03.433
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-01 10:20:01.446
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-01 10:20:01.444
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-01 10:20:01.443
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 12:28:25.339
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 12:28:25.336
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 12:28:25.335
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 12:28:23.006
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD A4-4000 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 24%
    Total physical RAM: 8132.81 MB
    Available physical RAM: 6163.21 MB
    Total Pagefile: 16263.8 MB
    Available Pagefile: 14065.64 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:119.13 GB) (Free:66.9 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:465.76 GB) (Free:465.66 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BD10C7F8)
    Partition 1: (Active) - (Size=106 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B0F614C8)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the [img=[url]http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png][/url] icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.[/*]
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats[/*]
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  10. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    Results of screen317's Security Check version 0.99.89
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    ZoneAlarm Extreme Security Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Visual Studio Extensions for Windows Library for JavaScript
    Java version out of Date!
    Adobe Flash Player 15.0.0.152
    Mozilla Firefox 32.0.3 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    CheckPoint ZoneAlarm ThreatEmulation.exe
    CheckPoint ZoneAlarm vsmon.exe
    CheckPoint ZoneAlarm zatray.exe
    CheckPoint ZoneAlarm ZaPrivacyService.exe
    CheckPoint ZoneAlarm ThreatEmulation.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 8%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 21-07-2014
    Ran by Luke Fitton (administrator) on 21-10-2014 at 14:45:51
    Running from "C:\Users\Luke Fitton\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  11. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    Ok, ESET has been giving me an errror message when trying to download the virus database, unexpected error 2002
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Try to run it through different browser.
     
  13. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    Ok, I'll have to do that tomorow since I have to deal with a security issue at wrk drastically.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  15. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    Ok, got the same error using internet explorer.
     
  16. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    Is it possible the problem is server side?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    • Download Sophos Free Virus Removal Tool and save it to your desktop
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  18. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    Ok, scan says there were no threats detected. I think the problems on my end, current internet speed is slow, I blame the lack of a working boiler.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    [​IMG] Update Firefox to the current 33.0 version.

    [​IMG] Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    ============================================

    For me...

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642
     
  20. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    Ok, I'll do that tomorow when I have spare time while not having to deal with the boiler problems.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  22. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 194

    Thank you, done and done.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...