
Voods

  1. I will give it a few days and see how it runs. Was any issue found whatsoever? Just to mention, when zoek ran, it uninstalled Dashlane, my password manager. Is there a reason for this?
  2. Here's the log for Zoek zoek-results.log
  3. Apologies FRST.txt Addition.txt
  4. Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015 Ran by Davina-Divine (2015-12-03 13:17:01) Running from C:\Users\Davina-Divine\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) (2015-09-05 20:36:40) Boot Mode: Normal
  5. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015 Ran by Davina-Divine (administrator) on DIVINE (03-12-2015 13:16:10) Running from C:\Users\Davina-Divine\Downloads Loaded Profiles: Davina-Divine (Available Profiles: Davina-Divine) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Windows\System32\WLTRYSVC.EXE (Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (F-Secure Corporation) C:\Program Files\F-Secure\Freedome\Freedome\1\FreedomeService.exe () C:\Program Files\Comodo\IceDragon\icedragon_updater.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\Dashlane.exe (Greatis Software) C:\Program Files\UnHackMe\hackmon.exe () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\DashlanePlugin.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\DashlanePlugin.exe (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.) HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\Run: [Dashlane] => C:\Users\Davina-Divine\AppData\Roaming\Dashlane\Dashlane.exe [227712 2015-10-28] () HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\Run: [DashlanePlugin] => C:\Users\Davina-Divine\AppData\Roaming\Dashlane\DashlanePlugin.exe [285568 2015-10-28] () HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-19] (Piriform Ltd) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
BootExecute: autocheck autochk * PartizanPCloudBroom.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{1C861901-1A62-4C31-A871-8A33AE4073AA}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{26B12864-EF32-48D9-8560-C4F1D327A274}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{DA754577-4946-4694-ACEF-8F0EF042C470}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2091952882-4294398361-615148702-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2091952882-4294398361-615148702-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2091952882-4294398361-615148702-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2091952882-4294398361-615148702-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Toolbar: HKLM - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Davina-Divine\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2015-10-28] (Dashlane)

FireFox:
========
FF ProfilePath: C:\Users\Davina-Divine\AppData\Roaming\Mozilla\Firefox\Profiles\hiuj3mky.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [No File]
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-09-07] ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-09-07] ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-09-07] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Davina-Divine\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2015-11-19] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Davina-Divine\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2015-11-19] (Hola)
FF Plugin HKU\S-1-5-21-2091952882-4294398361-615148702-1000: @hola.org/FlashPlayer -> C:\Users\Davina-Divine\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-11] ()
FF Plugin HKU\S-1-5-21-2091952882-4294398361-615148702-1000: @hola.org/vlc -> C:\Users\Davina-Divine\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-11] (Hola)
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-09-07] [not signed]
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-09-07] [not signed]
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-09-07] [not signed]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\Firefox\Extensions: [jetpack-extension@dashlane.com] - C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\Extensions\JetPack_expanded\jetpack-extension@dashlane.com
FF Extension: Dashlane - C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\Extensions\JetPack_expanded\jetpack-extension@dashlane.com [2015-10-28] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-07]
CHR Extension: (Google Docs) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]
CHR Extension: (Google Drive) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky Protection) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-09-07]
CHR Extension: (Session Buddy) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-09-18]
CHR Extension: (Dashlane) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-11-25]
CHR Extension: (Google Sheets) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-12-02]
CHR Extension: (Webproxy.net - Unblock any website) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmikmnnnoacchojfpdgfdgpkfgajhim [2015-10-17]
CHR Extension: (Similar Sites) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\necpbmbhhdiplmfhmjicabdeighkndkn [2015-10-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
CHR Extension: (Gmail) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhplgjpclknigjpccbcnmicgcieojbh [2015-12-01]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO)
S2 BAsfIpM; C:\Windows\system32\basfipm.exe [77824 2004-04-01] (Broadcom Corp.) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-03-14] (Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-07] (Dropbox, Inc.)
R2 Freedome Service; C:\Program Files\F-Secure\Freedome\Freedome\1\FreedomeService.exe [379432 2015-10-21] (F-Secure Corporation)
S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1972408 2015-10-05] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-07-17] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2525936 2013-07-17] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2012-05-23] (ST Microelectronics)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
R3 BTWAMPFL; C:\Windows\system32\drivers\btwampfl.sys [302120 2015-09-06] (Broadcom Corporation.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [197864 2015-06-27] (Kaspersky Lab UK Ltd)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2013-02-20] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [54640 2015-06-27] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [128728 2015-06-27] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44208 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [692920 2015-10-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [34160 2015-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [36208 2015-06-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [35696 2015-06-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [23920 2015-06-27] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-27] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [72560 2015-06-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [157240 2015-10-06] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-12-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [48928 2013-01-23] (Intel Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10375680 2013-05-29] (Intel Corporation)
U0 Partizan; C:\Windows\System32\drivers\Partizan.sys [35816 2015-11-25] (Greatis Software)
S3 RegGuard; C:\Windows\system32\Drivers\regguard.sys [24416 2015-12-01] (Greatis Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [30248 2015-10-21] (The OpenVPN Project)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 catchme; \??\C:\Users\DAVINA~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 13:16 - 2015-12-03 13:16 - 00019515 _____ C:\Users\Davina-Divine\Downloads\FRST.txt
2015-12-03 13:15 - 2015-12-03 13:16 - 00000000 ____D C:\FRST
2015-12-03 13:14 - 2015-12-03 13:14 - 01721344 _____ (Farbar) C:\Users\Davina-Divine\Downloads\FRST.exe
2015-12-02 00:22 - 2015-12-02 00:22 - 00198491 _____ C:\ComboFix.txt
2015-12-01 20:59 - 2015-12-02 00:22 - 00000000 ____D C:\Qoobox
2015-12-01 20:59 - 2015-12-02 00:19 - 00000000 ____D C:\Windows\erdnt
2015-12-01 20:59 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-01 20:59 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-01 20:59 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-01 20:59 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-01 20:59 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-01 20:59 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-01 20:59 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-01 20:59 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-01 20:55 - 2015-12-01 20:57 - 05639299 ____R (Swearware) C:\Users\Davina-Divine\Downloads\ComboFix.exe
2015-12-01 19:57 - 2015-12-01 19:57 - 00013182 _____ C:\Users\Davina-Divine\Desktop\attach.txt
2015-12-01 19:57 - 2015-12-01 19:56 - 00020164 _____ C:\Users\Davina-Divine\Desktop\dds.txt
2015-12-01 19:54 - 2015-12-01 19:55 - 00688992 ____R (Swearware) C:\Users\Davina-Divine\Downloads\dds.com
2015-12-01 19:28 - 2015-12-01 19:28 - 00002933 _____ C:\Users\Davina-Divine\Desktop\aswMBR.txt
2015-12-01 19:28 - 2015-12-01 19:28 - 00000512 _____ C:\Users\Davina-Divine\Desktop\MBR.dat
2015-12-01 17:50 - 2015-12-01 17:50 - 00000558 _____ C:\Windows\system32\BroomData.bit
2015-12-01 17:14 - 2015-12-01 17:15 - 05200384 _____ (AVAST Software) C:\Users\Davina-Divine\Downloads\aswmbr.exe
2015-12-01 16:59 - 2015-12-01 17:00 - 00380416 _____ C:\Users\Davina-Divine\Downloads\dolmkye1.exe
2015-12-01 16:47 - 2015-12-01 16:47 - 00001240 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-12-01 16:46 - 2015-12-01 16:46 - 00001266 _____ C:\Users\Public\Desktop\herdProtect.lnk
2015-12-01 16:45 - 2015-12-01 16:45 - 00001227 _____ C:\Users\Davina-Divine\Desktop\Should I Remove It.lnk
2015-12-01 16:45 - 2015-12-01 16:45 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2015-12-01 16:45 - 2015-12-01 16:45 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2015-12-01 00:16 - 2015-12-01 00:17 - 01125626 _____ C:\Users\Davina-Divine\Downloads\ProcessExplorer.zip
2015-12-01 00:02 - 2015-12-01 00:02 - 00086076 _____ C:\TDSSKiller.2.6.20.0_01.12.2015_00.02.04_log.txt
2015-11-29 18:39 - 2015-11-29 18:44 - 568565930 _____ C:\Users\Davina-Divine\Downloads\Slender - The Arrival (Www.ApunKaGames.Net).zip
2015-11-29 17:24 - 2015-11-29 17:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\37CE5554.sys
2015-11-28 17:30 - 2015-11-28 17:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\51860BDA.sys
2015-11-28 17:19 - 2015-11-28 17:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\068903AA.sys
2015-11-28 14:13 - 2015-12-01 00:01 - 00000000 ____D C:\Users\Davina-Divine\AppData\Local\CrashDumps
2015-11-26 11:12 - 2015-11-26 11:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-26 11:08 - 2015-11-26 11:32 - 00000000 ____D C:\Users\Davina-Divine\Desktop\mbar
2015-11-26 11:08 - 2015-11-26 11:08 - 00001535 _____ C:\Users\Davina-Divine\Desktop\JRT1.txt
2015-11-26 11:04 - 2015-11-26 11:04 - 00002474 _____ C:\Users\Davina-Divine\Desktop\Rkill1.txt
2015-11-26 11:02 - 2015-11-30 23:58 - 00002250 _____ C:\Users\Davina-Divine\Desktop\Rkill.txt
2015-11-26 10:43 - 2015-11-26 10:44 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Davina-Divine\Downloads\rkill.exe
2015-11-26 10:43 - 2015-11-26 10:44 - 01599336 _____ (Malwarebytes) C:\Users\Davina-Divine\Downloads\JRT.exe
2015-11-26 10:41 - 2015-11-26 10:45 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Davina-Divine\Downloads\mbar-1.09.3.1001.exe
2015-11-26 09:59 - 2015-11-26 10:03 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Dashlane
2015-11-26 09:59 - 2015-11-26 09:59 - 00513832 _____ (Dashlane inc.) C:\Users\Davina-Divine\Downloads\Dashlane_Launcher_bchrome-1441010438.exe
2015-11-26 09:49 - 2015-11-26 09:49 - 00038064 _____ C:\Users\Davina-Divine\Desktop\zoek-results.txt
2015-11-26 09:27 - 2015-11-26 00:41 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-11-26 00:11 - 2015-11-26 00:11 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\OpenOffice
2015-11-25 23:30 - 2015-11-25 23:30 - 00262144 _____ C:\Windows\system32\config\elam
2015-11-25 22:54 - 2015-12-03 13:16 - 00000000 ____D C:\ProgramData\RegRun
2015-11-25 22:49 - 2015-11-25 22:50 - 00000000 ____D C:\Users\Davina-Divine\Desktop\RK_Quarantine
2015-11-25 22:33 - 2015-12-02 12:18 - 00000264 _____ C:\Windows\system32\PARTIZAN.TXT
2015-11-25 22:30 - 2015-11-25 22:30 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2015-11-25 22:25 - 2015-12-01 00:11 - 00024416 _____ (Greatis Software) C:\Windows\system32\Drivers\regguard.sys
2015-11-25 22:11 - 2015-11-25 22:11 - 00504554 _____ C:\Users\Davina-Divine\Desktop\regrunlog.txt
2015-11-25 21:45 - 2015-11-25 21:45 - 00003090 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-25 21:40 - 2015-11-25 21:40 - 00184620 _____ C:\Users\Davina-Divine\Downloads\JavaRa-2.6.1.zip
2015-11-25 21:35 - 2015-11-25 21:35 - 00000000 ____D C:\Windows\system32\appmgmt
2015-11-25 21:03 - 2015-11-25 23:26 - 00000000 ____D C:\zoek_backup
2015-11-25 17:56 - 2015-11-25 17:56 - 00002747 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-11-25 17:56 - 2015-11-25 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-25 17:43 - 2015-11-25 17:50 - 139457000 _____ (Sophos Limited) C:\Users\Davina-Divine\Downloads\Sophos Virus Removal Tool.exe
2015-11-25 17:42 - 2015-11-25 17:56 - 00000000 ____D C:\Program Files\Sophos
2015-11-25 17:42 - 2015-11-25 17:55 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-25 17:42 - 2015-11-25 17:42 - 00000000 ____D C:\ProgramData\Sophos
2015-11-25 17:38 - 2015-11-25 17:38 - 00000130 ___RH C:\Users\Davina-Divine\Downloads\Stinger.opt
2015-11-25 17:10 - 2015-11-25 17:15 - 00000821 _____ C:\Users\Davina-Divine\Downloads\Stinger_25112015_171009.html
2015-11-25 17:10 - 2015-11-25 17:10 - 00000000 ____D C:\Program Files\McAfee
2015-11-25 17:07 - 2015-11-25 17:08 - 15624560 _____ (McAfee Inc) C:\Users\Davina-Divine\Downloads\stinger32.exe
2015-11-25 16:15 - 2015-11-25 16:16 - 30625033 _____ C:\Users\Davina-Divine\Desktop\regrunck_result.txt
2015-11-25 15:55 - 2015-12-01 00:10 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2015-11-25 15:55 - 2015-12-01 00:04 - 00000000 ____D C:\Users\Davina-Divine\Documents\RegRun2
2015-11-25 15:55 - 2015-11-25 15:55 - 00035816 _____ (Greatis Software) C:\Windows\system32\Drivers\Partizan.sys
2015-11-25 15:55 - 2015-11-25 15:55 - 00000913 _____ C:\Users\Davina-Divine\Desktop\UnHackMe.lnk
2015-11-25 15:55 - 2015-11-25 15:55 - 00000002 RSHOT C:\Windows\winstart.bat
2015-11-25 15:55 - 2015-11-25 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2015-11-25 15:55 - 2013-09-05 10:19 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\system32\Drivers\UnHackMeDrv.sys
2015-11-25 15:54 - 2015-12-01 00:03 - 00000000 ____D C:\Program Files\UnHackMe
2015-11-25 02:45 - 2015-12-01 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2015-11-25 02:45 - 2015-12-01 16:45 - 00000000 ____D C:\Program Files\Reason
2015-11-25 01:21 - 2015-11-25 01:21 - 00030454 _____ C:\Users\Davina-Divine\Downloads\DashlaneExport.xls
2015-11-25 01:08 - 2015-12-01 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-11-25 01:08 - 2015-11-25 01:08 - 00000000 ____D C:\Program Files\Panda Security
2015-11-25 00:56 - 2015-12-01 00:01 - 00000000 ____D C:\AdwCleaner
2015-11-25 00:52 - 2015-11-25 15:36 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2015-11-25 00:52 - 2015-11-25 03:52 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-11-25 00:44 - 2015-11-30 23:54 - 00001070 _____ C:\Users\Davina-Divine\Desktop\JRT.txt
2015-11-25 00:34 - 2015-11-25 00:34 - 00085176 _____ C:\TDSSKiller.2.6.20.0_25.11.2015_00.34.06_log.txt
2015-11-22 13:58 - 2015-11-22 14:25 - 120133206 _____ C:\Users\Davina-Divine\Downloads\480P_200k_28498621.mp4
2015-11-15 11:11 - 2015-11-15 11:11 - 00000388 _____ C:\Users\Davina-Divine\Documents\cc_20151115_111119.reg
2015-11-12 18:36 - 2015-12-03 12:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-12 14:24 - 2015-11-03 17:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 01:18 - 2015-11-12 01:18 - 00000011 _____ C:\Users\Davina-Divine\Documents\skype.txt
2015-11-11 23:06 - 2015-11-25 21:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-11 21:55 - 2015-11-25 15:36 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-11 21:52 - 2015-11-11 21:54 - 05617377 _____ C:\Users\Davina-Divine\Downloads\classtab.zip
2015-11-11 21:50 - 2015-11-11 21:50 - 00584288 _____ (Oracle Corporation) C:\Users\Davina-Divine\Downloads\jxpiinstall.exe
2015-11-11 21:40 - 2014-10-06 08:36 - 00287478 ____N C:\Users\Davina-Divine\Desktop\jszip.js
2015-11-11 21:40 - 2014-10-06 08:36 - 00007747 ____N C:\Users\Davina-Divine\Desktop\FileSaver.js
2015-11-11 21:39 - 2015-11-11 21:39 - 00075942 _____ C:\Users\Davina-Divine\Downloads\instatake-master.zip
2015-11-11 19:57 - 2015-11-11 19:58 - 00000000 ____D C:\Users\Davina-Divine\AppData\Local\iWesoft
2015-11-11 19:57 - 2015-11-11 19:57 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instagram Downloader
2015-11-11 19:57 - 2015-11-11 19:57 - 00000000 ____D C:\Program Files\Instagram Downloader
2015-11-11 19:53 - 2015-11-11 19:54 - 03998208 _____ (iWesoft) C:\Users\Davina-Divine\Downloads\InstagramDownloader_setup.exe
2015-11-11 19:34 - 2015-11-03 21:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 19:34 - 2015-10-30 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 19:34 - 2015-10-30 22:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 19:34 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 19:34 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 19:34 - 2015-10-30 22:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 19:34 - 2015-10-30 22:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 19:34 - 2015-10-30 22:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 19:34 - 2015-10-30 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 19:34 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 19:34 - 2015-10-30 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 19:34 - 2015-10-30 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 19:34 - 2015-10-30 22:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 19:34 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 19:34 - 2015-10-30 22:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 19:34 - 2015-10-30 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 19:34 - 2015-10-30 22:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 19:34 - 2015-10-30 22:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 19:34 - 2015-10-30 22:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 19:34 - 2015-10-30 22:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 19:34 - 2015-10-30 22:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 19:34 - 2015-10-30 22:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 19:34 - 2015-10-30 22:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 19:34 - 2015-10-30 22:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 19:34 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 19:34 - 2015-10-30 22:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 19:34 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 19:34 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 19:34 - 2015-10-30 22:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 19:34 - 2015-10-30 22:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 19:34 - 2015-10-30 22:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 19:34 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 19:34 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 19:34 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 19:34 - 2015-10-20 00:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-11 19:34 - 2015-10-20 00:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 19:34 - 2015-10-20 00:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 19:34 - 2015-10-20 00:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 19:34 - 2015-10-20 00:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 19:34 - 2015-10-20 00:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 19:34 - 2015-10-20 00:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 19:34 - 2015-10-20 00:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 19:34 - 2015-10-20 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 19:34 - 2015-10-20 00:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 19:34 - 2015-10-20 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 19:34 - 2015-10-20 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 19:34 - 2015-10-20 00:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 19:34 - 2015-10-20 00:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 19:34 - 2015-10-19 23:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 19:34 - 2015-10-19 23:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 19:34 - 2015-10-19 23:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 19:34 - 2015-10-13 16:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 19:34 - 2015-10-13 16:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 19:34 - 2015-10-13 04:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 19:31 - 2015-09-23 13:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 19:31 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 19:30 - 2015-10-20 17:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 19:30 - 2015-10-20 17:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 19:30 - 2015-10-20 17:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 19:30 - 2015-10-20 17:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 19:30 - 2015-10-20 17:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 19:30 - 2015-10-20 17:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 19:30 - 2015-10-20 17:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 19:30 - 2015-10-20 17:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 19:30 - 2015-10-20 17:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 19:30 - 2015-10-20 17:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 19:30 - 2015-10-20 17:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 19:30 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 19:30 - 2015-10-01 17:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-10 17:00 - 2015-11-10 17:01 - 07368965 _____ C:\Users\Davina-Divine\Downloads\TL-WN722N_V1_140918.zip
2015-11-10 09:42 - 2015-11-10 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-06 00:58 - 2015-11-06 00:58 - 04619566 _____ C:\Users\Davina-Divine\Documents\vmbjqhyc.flv
2015-11-06 00:54 - 2015-11-06 00:56 - 09055670 _____ C:\Users\Davina-Divine\Documents\raddakgq.flv
2015-11-04 16:51 - 2015-11-04 16:52 - 05650915 _____ C:\Users\Davina-Divine\Downloads\Movie.wmv
2015-11-04 02:28 - 2015-11-14 13:02 - 00000000 ____D C:\Users\Davina-Divine\Documents\classtab
2015-11-03 01:39 - 2015-11-03 01:58 - 60728165 _____ C:\Users\Davina-Divine\Downloads\480P_600K_59658781.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-03 13:16 - 2009-07-14 02:37 - 00000000 ____D C:\Windows 2015-12-03 13:06 - 2015-09-07 12:47 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-03 12:58 - 2015-09-07 12:53 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2015-12-03 12:46 - 2015-09-07 12:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-12-03 12:41 - 2015-09-07 12:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-03 01:13 - 2015-09-06 22:03 - 00000000 ___HD C:\Windows\system32\WLANProfiles 2015-12-03 00:32 - 2015-10-03 14:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-02 13:58 - 2015-09-07 12:53 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2015-12-02 13:20 - 2015-09-08 14:43 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\MPC-HC 2015-12-02 12:26 - 2009-07-14 04:34 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-02 12:26 - 2009-07-14 04:34 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-02 12:24 - 2010-11-20 21:01 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-02 12:24 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf 2015-12-02 12:20 - 2015-09-30 13:30 - 00000000 ___RD C:\Users\Davina-Divine\Dropbox 2015-12-02 12:20 - 2015-09-07 12:52 - 00000000 ____D C:\Users\Davina-Divine\AppData\Local\Dropbox 2015-12-02 12:18 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-02 00:16 - 2009-07-14 02:04 - 00000215 _____ C:\Windows\system.ini 2015-12-01 21:04 - 2015-09-07 22:58 - 00000000 ____D C:\ProgramData\TEMP 2015-12-01 16:47 - 2015-09-08 13:10 - 00000000 ____D C:\Users\Davina-Divine\Downloads\clean 2015-11-28 14:16 - 2015-09-07 22:55 - 00000000 ____D C:\Program Files\System Ninja 2015-11-28 10:26 - 2015-09-14 01:55 - 00000000 ____D 
C:\Users\Davina-Divine\AppData\Roaming\vlc 2015-11-26 11:08 - 2015-09-07 13:01 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-26 10:03 - 2015-09-07 12:36 - 00001731 _____ C:\Users\Davina-Divine\Desktop\Dashlane.lnk 2015-11-26 10:03 - 2015-09-07 12:36 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane 2015-11-25 23:10 - 2009-07-14 02:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2015-11-25 21:41 - 2014-04-20 11:57 - 00000000 ____D C:\Users\Davina-Divine\Desktop\JavaRa-2.6 2015-11-25 21:38 - 2015-09-07 12:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-11-25 21:36 - 2015-09-07 12:48 - 00000000 ____D C:\Program Files\Java 2015-11-25 15:55 - 2009-07-14 02:04 - 00002577 _____ C:\Windows\system32\config.nt 2015-11-25 15:55 - 2009-07-14 02:04 - 00001688 _____ C:\Windows\system32\autoexec.nt 2015-11-25 15:38 - 2015-09-05 20:36 - 00000000 ____D C:\Users\Davina-Divine 2015-11-25 15:37 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\AppCompat 2015-11-25 15:36 - 2015-09-09 16:59 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Comodo 2015-11-25 15:36 - 2015-09-09 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2015-11-25 15:36 - 2015-09-09 16:59 - 00000000 ____D C:\Program Files\Comodo 2015-11-25 15:36 - 2015-09-07 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-11-25 15:36 - 2015-09-07 13:01 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-11-25 15:36 - 2015-09-07 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-25 15:36 - 2015-09-07 12:48 - 00000000 ____D C:\ProgramData\Oracle 2015-11-25 15:36 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\registration 2015-11-25 15:35 - 2015-09-07 13:01 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-25 01:06 - 2015-09-07 12:49 - 00000000 ____D 
C:\Users\Davina-Divine\.oracle_jre_usage 2015-11-24 13:30 - 2015-10-25 15:53 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Hola 2015-11-23 11:15 - 2015-09-07 13:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-11-13 03:57 - 2009-07-14 04:33 - 00284336 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-12 18:36 - 2015-10-07 15:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-11-12 18:36 - 2015-10-07 15:11 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-11-12 04:04 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\rescache 2015-11-12 03:25 - 2010-11-21 00:47 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-11 21:54 - 2015-09-07 12:49 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-11-11 18:56 - 2015-09-07 12:47 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-11-11 18:54 - 2015-09-07 22:58 - 00000000 ____D C:\Program Files\SpywareBlaster 2015-11-10 17:07 - 2015-09-06 14:52 - 00000000 ____D C:\Users\Davina-Divine\AppData\Local\ElevatedDiagnostics 2015-11-10 09:42 - 2015-09-07 12:52 - 00000000 ____D C:\Program Files\Dropbox 2015-11-07 17:45 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\NDF Some files in TEMP: ==================== C:\Users\Davina-Divine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxpi68i.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-12-01 18:58 ==================== End of FRST.txt ============================
  6. Hi there, I have been having multiple issues with my laptop. Tried fixing with the various programs that are commonly used to no resolve. My internet is really slow, takes 5 mins sometimes to download a file the size of 500kb. That's if it stays connected. My connection breaks over 40 times a day. Malwarebytes only loads around 1 in 20 times, even using Chameleon doesn't work; when it did load, nothing was found, or in SuperantiSpyware either. Out of desperation, I tried using aswmbr and combofix myself, but still to no avail. I've had to borrow a computer to get online for a prolonged period of time. It's the only computer in the house that is having issues, it's also running slow. I have also scanned with unhackme, sophos, stinger, gmer, rkill. But still nothing found. It's practically like a zombie. I had to uninstall Java, as I noticed 14 instances of javaws.exe, which was alarming. Also, the system file csrss.exe has no file location or details about it, I'm sure I've noticed it pointing to system32 before. Any help would be most welcome. Regards, Dave