samkumpe

Ads played in the background during any activity, general slowness

28 posts in this topic

Hello, my computer seems to be infected with something called "PUP.Optional.SProtector.A", and despite being repeatedly detected and removed by malwarebytes, it just won't go away. I attached the files requested from the DDS. Thank you in advance!

-Sam

Attachments: attach.txt, dds.txt


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • The removal of malware isn't instantaneous, please be patient.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs.
  • Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Let's clean out any adware first: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Last......

    Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

    Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

    Make sure that everything is checked, and click Remove Selected.

    Please let me know how the computer is running now, MrC


You posted a protection log, not the log from the scan.

..anyway...is there any improvement??

MrC


I'm sorry! I can't figure out where I saved the log to. I can run another scan if you want. My computer seems better, I haven't heard an ad and I can play a youtube video without it stuttering.


Good......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.73  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 JavaFX 2.1.1    

 Java 7 Update 15  

 Java version out of Date! 

 Adobe Flash Player 10 Flash Player out of Date! 

 Adobe Reader XI  

 Google Chrome 29.0.1547.57  

 Google Chrome 29.0.1547.62  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 5% 

````````````````````End of Log`````````````````````` 


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 15 <---please update, should be Update 40

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~


Adobe Flash Player 10 Flash Player out of Date! <-----Check for an update if available

~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.


Hi, I noticed the ads started playing again last night, and malwarebytes didn't detect anything with a quick scan or a full scan.


Please scan the system with DDS and RogueKiller again and post the new logs.

 

MrC


Run through these scans again...make sure you download fresh copies: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Last.......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


How are we doing??

Do you still need help or can I close this post??

MrC


Yes I'm sorry. Adwcleaner scanned and rebooted but there's no log. I can't find it. Running JRT now.


No, run Malwarebytes:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

------------------------------------

Then....

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03

Ran by Sam (administrator) on SAM-PC on 18-09-2013 12:51:27

Running from C:\Users\Sam\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(ASUS) C:\Windows\AsScrPro.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-07-20] (ELAN Microelectronics Corp.)

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-03] (Realtek Semiconductor)

HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)

HKLM\...\Run: [intelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()

HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [Google Update] - C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-10] (Google Inc.)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1811368 2013-09-06] (Valve Corporation)

HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKCU\...\Run: [spotify Web Helper] - C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-13] (Spotify Ltd)

HKCU\...\Run: [47EAB8E3A7A5EFBA9AA63EF8B0C7B5264F05AD8D._service_run] - C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.)

HKCU\...\Run: [spotify] - C:\Users\Sam\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-13] (Spotify Ltd)

HKCU\...\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] - C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.)

HKCU\...\RunOnce: [Application Restart #2] - C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe  --flag-switches-begin --enable-sync-favicons --sync-keystore-encryption --flag-switches-end --flag-switches-begin --enable-sync-favicons --sync-keystore-encryption --flag-switches-end --restore-last-session http://www.sendspace.com [829392 2013-09-02] (Google Inc.)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [371 2013-09-16] ()

HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-17] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)

HKLM-x32\...\Run: [sonicMasterTray] - C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)

HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKU\UpdatusUser\...\Run: [iSUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB

AppInit_DLLs: C:\Windows\system32\nvinitx.dll [241984 2011-10-16] (NVIDIA Corporation)

AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [203072 2011-10-16] (NVIDIA Corporation)

Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk

ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======

CHR RestoreOnStartup: ""

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Sam\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Sam\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\Sam\AppData\Local\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File

CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.26_0

CHR Extension: (YouTube) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (savensHearre ) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmbdakjbcpaeipjdfdmjacbildilcja\5.10

CHR Extension: (PicMonkey) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0

CHR Extension: (Virtual Piano Black) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjagcpcbacoaogfljhglghpjhkmmfeeo\4_0

CHR Extension: (avast! Online Security) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0

CHR Extension: (Dropbox) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0

CHR Extension: (BBC Good Food) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Type Fu) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo\2.0.0_0

CHR Extension: (Gmail) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR Extension: (BodBot) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk\4.3.4_0

CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Sam\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx

CHR StartMenuInternet: Google Chrome - C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-03] (ASUS)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-28] (SurfRight B.V.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-18 12:51 - 2013-09-18 12:51 - 00000000 ____D C:\FRST

2013-09-18 12:50 - 2013-09-18 12:51 - 01950524 _____ (Farbar) C:\Users\Sam\Downloads\FRST64.exe

2013-09-18 07:41 - 2013-09-18 08:04 - 00000841 _____ C:\Users\Sam\Desktop\JRT.txt

2013-09-18 07:19 - 2013-09-18 07:19 - 01029675 _____ (Thisisu) C:\Users\Sam\Downloads\JRT (1).exe

2013-09-16 15:50 - 2013-09-16 15:50 - 01039554 _____ C:\Users\Sam\Downloads\AdwCleaner (1).exe

2013-09-16 10:23 - 2013-09-16 10:23 - 00023458 _____ C:\Users\Sam\Downloads\dds.txt

2013-09-16 10:22 - 2013-09-16 10:22 - 00023458 _____ C:\Users\Sam\Desktop\dds.txt

2013-09-16 10:20 - 2013-09-16 10:21 - 00688992 ____R (Swearware) C:\Users\Sam\Downloads\dds.com

2013-09-16 10:11 - 2013-09-16 10:19 - 00003291 _____ C:\Users\Sam\Desktop\RKreport[0]_S_09162013_101149.txt

2013-09-16 09:56 - 2013-09-16 09:56 - 00891144 _____ C:\Users\Sam\Downloads\SecurityCheck (2).exe

2013-09-16 09:46 - 2013-09-16 10:11 - 00000000 ____D C:\Users\Sam\Desktop\RK_Quarantine

2013-09-16 09:46 - 2013-09-16 09:46 - 03787776 _____ C:\Users\Sam\Downloads\RogueKillerX64 (2).exe

2013-09-16 06:57 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-16 06:57 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-16 06:57 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-16 06:57 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-16 06:57 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-16 06:56 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-16 06:56 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-16 06:56 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-16 06:56 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-16 06:56 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-16 06:56 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-16 06:56 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-16 06:56 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-16 06:56 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-16 06:56 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-16 06:56 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-16 06:56 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-16 06:56 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-16 06:56 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-16 06:56 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-16 06:56 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-16 06:56 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-16 06:56 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-16 06:56 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-16 06:56 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-16 06:56 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-16 06:56 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-16 06:56 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-16 06:56 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-16 06:56 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-16 06:56 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-15 23:30 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-09-15 23:30 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-15 23:30 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-09-15 23:30 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-09-15 23:30 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2013-09-15 23:30 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-09-15 23:30 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2013-09-15 23:30 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-15 23:30 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2013-09-15 23:30 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-15 23:30 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-15 23:30 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-15 23:30 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-15 23:30 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-15 23:30 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-15 23:30 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-15 23:30 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-15 23:30 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-15 23:30 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-15 23:30 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-15 23:30 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-15 23:30 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-15 23:30 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-15 23:30 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-15 23:30 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-15 23:30 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-15 23:30 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-09-15 17:58 - 2013-09-15 17:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2013-09-11 22:38 - 2013-09-11 22:38 - 01818229 _____ C:\Users\Sam\Downloads\Online_Travel_Orientation_201314 (1).ppsx

2013-09-11 22:38 - 2013-09-11 22:38 - 00000000 ____D C:\Program Files (x86)\MSECache

2013-09-11 22:36 - 2013-09-11 22:36 - 63210976 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\PowerPointViewer.exe

2013-09-11 22:35 - 2013-09-11 22:35 - 01818229 _____ C:\Users\Sam\Downloads\Online_Travel_Orientation_201314.ppsx

2013-09-11 22:02 - 2013-09-11 22:02 - 00000000 ____D C:\ProgramData\Oracle

2013-09-11 22:01 - 2013-09-11 22:01 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-09-11 22:01 - 2013-09-11 22:01 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-09-11 22:01 - 2013-09-11 22:01 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-09-11 22:01 - 2013-09-11 22:01 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-09-11 21:43 - 2013-09-11 21:44 - 00891144 _____ C:\Users\Sam\Downloads\SecurityCheck (1).exe

2013-09-11 21:37 - 2013-09-11 21:37 - 00891144 _____ C:\Users\Sam\Downloads\SecurityCheck.exe

2013-09-11 18:35 - 2013-09-11 18:35 - 01029490 _____ (Thisisu) C:\Users\Sam\Downloads\JRT.exe

2013-09-11 18:35 - 2013-09-11 18:35 - 00000000 ____D C:\Windows\ERUNT

2013-09-11 18:32 - 2013-09-11 18:32 - 00005553 _____ C:\Users\Sam\Desktop\AdwCleaner[s0].txt

2013-09-11 18:22 - 2013-09-16 15:59 - 00000000 ____D C:\AdwCleaner

2013-09-11 18:21 - 2013-09-11 18:22 - 01037278 _____ C:\Users\Sam\Downloads\AdwCleaner.exe

2013-09-11 16:49 - 2013-09-11 16:49 - 03787776 _____ C:\Users\Sam\Downloads\RogueKillerX64 (1).exe

2013-09-09 17:52 - 2013-09-16 10:22 - 00007999 _____ C:\Users\Sam\Desktop\attach.txt

2013-09-09 17:42 - 2013-09-09 17:42 - 03788288 _____ C:\Users\Sam\Downloads\RogueKillerX64.exe

2013-09-09 17:40 - 2013-09-09 17:40 - 00000000 ____D C:\Windows\ERDNT

2013-09-09 17:39 - 2013-09-09 17:40 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-09-09 17:39 - 2013-09-09 17:39 - 00000926 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk

2013-09-09 17:39 - 2013-09-09 17:39 - 00000926 _____ C:\Users\Sam\Desktop\NTREGOPT.lnk

2013-09-09 17:39 - 2013-09-09 17:39 - 00000907 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk

2013-09-09 17:39 - 2013-09-09 17:39 - 00000907 _____ C:\Users\Sam\Desktop\ERUNT.lnk

2013-09-09 17:38 - 2013-09-09 17:39 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Sam\Downloads\erunt-setup.exe

2013-09-05 21:54 - 2013-09-05 21:54 - 33330688 _____ C:\Users\Sam\Downloads\Chapter 1 (1).ppt

2013-09-05 21:53 - 2013-09-05 21:54 - 33330688 _____ C:\Users\Sam\Downloads\Chapter 1.ppt

2013-08-28 22:31 - 2013-08-28 22:31 - 00030586 _____ C:\Users\Sam\Documents\HitmanPro_20130828_2231.log

2013-08-28 22:13 - 2013-08-28 22:13 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk

2013-08-28 22:13 - 2013-08-28 22:13 - 00000000 ____D C:\Program Files\HitmanPro

2013-08-28 22:12 - 2013-08-28 22:32 - 00000000 ____D C:\ProgramData\HitmanPro

2013-08-28 21:54 - 2013-08-28 21:58 - 09879648 _____ (SurfRight B.V.) C:\Users\Sam\Downloads\HitmanPro_x64.exe

2013-08-28 21:48 - 2013-08-28 21:48 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Apple Computer

2013-08-28 19:09 - 2013-08-28 19:09 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-28 19:09 - 2013-08-28 19:09 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Malwarebytes

2013-08-28 19:09 - 2013-08-28 19:09 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-28 19:09 - 2013-08-28 19:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-28 19:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-08-28 19:08 - 2013-08-28 19:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sam\Downloads\mbam-consumer.exe

2013-08-28 18:46 - 2013-08-28 21:47 - 00002872 _____ C:\Windows\system32\TmInstall.log

2013-08-28 18:46 - 2013-08-28 18:46 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log

2013-08-28 18:22 - 2013-08-28 18:22 - 00001945 _____ C:\Windows\epplauncher.mif

2013-08-28 18:21 - 2013-08-28 18:21 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-08-28 18:21 - 2013-08-28 18:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-08-28 18:18 - 2013-08-28 18:19 - 13813944 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\mseinstall.exe

2013-08-28 18:14 - 2013-05-02 10:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2013-08-28 18:08 - 2013-08-28 18:08 - 00347424 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\MicrosoftFixit.wu.LB.150301162099276770.1.1.Run.exe

2013-08-28 17:49 - 2013-08-28 17:50 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-08-28 17:49 - 2013-08-28 17:49 - 00000000 ____D C:\ProgramData\Apple Computer

2013-08-28 17:48 - 2013-08-28 17:48 - 00000000 ____D C:\Users\Sam\AppData\Local\Apple

2013-08-28 17:48 - 2013-08-28 17:48 - 00000000 ____D C:\ProgramData\Apple

2013-08-28 17:48 - 2013-08-28 17:48 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-08-28 17:46 - 2013-08-28 17:47 - 41404760 _____ (Apple Inc.) C:\Users\Sam\Downloads\QuickTimeInstaller.exe

2013-08-28 17:45 - 2013-08-28 17:45 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Sam\Downloads\Shockwave_Installer_Slim.exe

2013-08-28 17:45 - 2013-08-28 17:45 - 00000000 ____D C:\Windows\SysWOW64\Adobe

2013-08-28 17:44 - 2013-08-28 17:44 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-08-28 17:43 - 2013-08-28 17:43 - 00000000 ____D C:\ProgramData\Adobe

2013-08-28 17:43 - 2013-08-28 17:43 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-08-28 17:42 - 2013-09-04 22:51 - 00000000 ____D C:\Users\Sam\AppData\Local\Adobe

2013-08-26 08:42 - 2013-08-26 08:42 - 00090915 _____ C:\Users\Sam\Downloads\Rules for Writing.pptx

 

==================== One Month Modified Files and Folders =======

 

2013-09-18 12:51 - 2013-09-18 12:51 - 00000000 ____D C:\FRST

2013-09-18 12:51 - 2013-09-18 12:50 - 01950524 _____ (Farbar) C:\Users\Sam\Downloads\FRST64.exe

2013-09-18 12:22 - 2012-07-10 20:39 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-60719987-3572793315-3272503612-1001UA.job

2013-09-18 12:11 - 2012-07-10 20:39 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-60719987-3572793315-3272503612-1001Core.job

2013-09-18 12:11 - 2012-04-02 19:26 - 02096251 _____ C:\Windows\WindowsUpdate.log

2013-09-18 08:05 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-09-18 08:04 - 2013-09-18 07:41 - 00000841 _____ C:\Users\Sam\Desktop\JRT.txt

2013-09-18 07:19 - 2013-09-18 07:19 - 01029675 _____ (Thisisu) C:\Users\Sam\Downloads\JRT (1).exe

2013-09-16 18:40 - 2012-09-11 07:08 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Dropbox

2013-09-16 18:40 - 2012-08-13 21:54 - 00000000 ____D C:\Users\Sam\AppData\Local\Windows Live

2013-09-16 18:27 - 2012-09-11 07:10 - 00000000 ___RD C:\Users\Sam\Dropbox

2013-09-16 18:26 - 2012-07-11 12:39 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Spotify

2013-09-16 18:25 - 2013-06-03 14:27 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2013-09-16 18:25 - 2012-07-10 20:58 - 00000000 ____D C:\Program Files (x86)\Steam

2013-09-16 18:25 - 2012-07-10 20:35 - 00000000 ___RD C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-16 18:25 - 2012-07-10 20:35 - 00000000 ___RD C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-16 16:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-09-16 16:10 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-16 16:10 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-16 16:08 - 2009-07-14 00:13 - 00795104 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-16 16:03 - 2009-07-13 23:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-16 16:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-16 16:02 - 2009-07-13 23:51 - 00062392 _____ C:\Windows\setupact.log

2013-09-16 15:59 - 2013-09-11 18:22 - 00000000 ____D C:\AdwCleaner

2013-09-16 15:50 - 2013-09-16 15:50 - 01039554 _____ C:\Users\Sam\Downloads\AdwCleaner (1).exe

2013-09-16 10:23 - 2013-09-16 10:23 - 00023458 _____ C:\Users\Sam\Downloads\dds.txt

2013-09-16 10:22 - 2013-09-16 10:22 - 00023458 _____ C:\Users\Sam\Desktop\dds.txt

2013-09-16 10:22 - 2013-09-09 17:52 - 00007999 _____ C:\Users\Sam\Desktop\attach.txt

2013-09-16 10:21 - 2013-09-16 10:20 - 00688992 ____R (Swearware) C:\Users\Sam\Downloads\dds.com

2013-09-16 10:19 - 2013-09-16 10:11 - 00003291 _____ C:\Users\Sam\Desktop\RKreport[0]_S_09162013_101149.txt

2013-09-16 10:11 - 2013-09-16 09:46 - 00000000 ____D C:\Users\Sam\Desktop\RK_Quarantine

2013-09-16 09:56 - 2013-09-16 09:56 - 00891144 _____ C:\Users\Sam\Downloads\SecurityCheck (2).exe

2013-09-16 09:46 - 2013-09-16 09:46 - 03787776 _____ C:\Users\Sam\Downloads\RogueKillerX64 (2).exe

2013-09-16 06:56 - 2012-08-10 19:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-09-16 06:56 - 2011-10-17 23:17 - 00811800 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-09-15 23:24 - 2012-07-10 20:35 - 00058016 _____ C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT

2013-09-15 23:23 - 2012-07-11 12:40 - 00000000 ____D C:\Users\Sam\AppData\Local\Spotify

2013-09-15 17:58 - 2013-09-15 17:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2013-09-11 22:38 - 2013-09-11 22:38 - 01818229 _____ C:\Users\Sam\Downloads\Online_Travel_Orientation_201314 (1).ppsx

2013-09-11 22:38 - 2013-09-11 22:38 - 00000000 ____D C:\Program Files (x86)\MSECache

2013-09-11 22:36 - 2013-09-11 22:36 - 63210976 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\PowerPointViewer.exe

2013-09-11 22:35 - 2013-09-11 22:35 - 01818229 _____ C:\Users\Sam\Downloads\Online_Travel_Orientation_201314.ppsx

2013-09-11 22:02 - 2013-09-11 22:02 - 00000000 ____D C:\ProgramData\Oracle

2013-09-11 22:01 - 2013-09-11 22:01 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-09-11 22:01 - 2013-09-11 22:01 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-09-11 22:01 - 2013-09-11 22:01 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-09-11 22:01 - 2013-09-11 22:01 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-09-11 22:01 - 2012-07-10 21:13 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-09-11 22:01 - 2012-07-10 21:13 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-09-11 21:44 - 2013-09-11 21:43 - 00891144 _____ C:\Users\Sam\Downloads\SecurityCheck (1).exe

2013-09-11 21:37 - 2013-09-11 21:37 - 00891144 _____ C:\Users\Sam\Downloads\SecurityCheck.exe

2013-09-11 18:35 - 2013-09-11 18:35 - 01029490 _____ (Thisisu) C:\Users\Sam\Downloads\JRT.exe

2013-09-11 18:35 - 2013-09-11 18:35 - 00000000 ____D C:\Windows\ERUNT

2013-09-11 18:32 - 2013-09-11 18:32 - 00005553 _____ C:\Users\Sam\Desktop\AdwCleaner[s0].txt

2013-09-11 18:30 - 2012-04-02 19:38 - 00001586 _____ C:\Windows\system32\ServiceFilter.ini

2013-09-11 18:25 - 2012-08-10 19:13 - 00000000 ____D C:\Users\Sam\AppData\Roaming\SoftGrid Client

2013-09-11 18:22 - 2013-09-11 18:21 - 01037278 _____ C:\Users\Sam\Downloads\AdwCleaner.exe

2013-09-11 16:49 - 2013-09-11 16:49 - 03787776 _____ C:\Users\Sam\Downloads\RogueKillerX64 (1).exe

2013-09-09 18:09 - 2012-08-02 16:19 - 00000000 ____D C:\Users\Sam\AppData\Roaming\uTorrent

2013-09-09 17:42 - 2013-09-09 17:42 - 03788288 _____ C:\Users\Sam\Downloads\RogueKillerX64.exe

2013-09-09 17:40 - 2013-09-09 17:40 - 00000000 ____D C:\Windows\ERDNT

2013-09-09 17:40 - 2013-09-09 17:39 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-09-09 17:39 - 2013-09-09 17:39 - 00000926 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk

2013-09-09 17:39 - 2013-09-09 17:39 - 00000926 _____ C:\Users\Sam\Desktop\NTREGOPT.lnk

2013-09-09 17:39 - 2013-09-09 17:39 - 00000907 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk

2013-09-09 17:39 - 2013-09-09 17:39 - 00000907 _____ C:\Users\Sam\Desktop\ERUNT.lnk

2013-09-09 17:39 - 2013-09-09 17:38 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Sam\Downloads\erunt-setup.exe

2013-09-05 22:33 - 2012-08-10 19:16 - 00000000 ____D C:\Users\Sam\Documents\School

2013-09-05 21:54 - 2013-09-05 21:54 - 33330688 _____ C:\Users\Sam\Downloads\Chapter 1 (1).ppt

2013-09-05 21:54 - 2013-09-05 21:53 - 33330688 _____ C:\Users\Sam\Downloads\Chapter 1.ppt

2013-09-04 22:51 - 2013-08-28 17:42 - 00000000 ____D C:\Users\Sam\AppData\Local\Adobe

2013-09-04 22:51 - 2012-07-10 20:37 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Adobe

2013-08-28 22:32 - 2013-08-28 22:12 - 00000000 ____D C:\ProgramData\HitmanPro

2013-08-28 22:31 - 2013-08-28 22:31 - 00030586 _____ C:\Users\Sam\Documents\HitmanPro_20130828_2231.log

2013-08-28 22:13 - 2013-08-28 22:13 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk

2013-08-28 22:13 - 2013-08-28 22:13 - 00000000 ____D C:\Program Files\HitmanPro

2013-08-28 21:58 - 2013-08-28 21:54 - 09879648 _____ (SurfRight B.V.) C:\Users\Sam\Downloads\HitmanPro_x64.exe

2013-08-28 21:48 - 2013-08-28 21:48 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Apple Computer

2013-08-28 21:48 - 2012-04-02 19:38 - 00002454 _____ C:\Windows\system32\AutoRunFilter.ini

2013-08-28 21:47 - 2013-08-28 18:46 - 00002872 _____ C:\Windows\system32\TmInstall.log

2013-08-28 21:46 - 2012-07-10 20:52 - 00000000 ____D C:\ProgramData\AVAST Software

2013-08-28 21:46 - 2011-10-17 22:58 - 00122894 _____ C:\Windows\PFRO.log

2013-08-28 19:09 - 2013-08-28 19:09 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-28 19:09 - 2013-08-28 19:09 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Malwarebytes

2013-08-28 19:09 - 2013-08-28 19:09 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-28 19:09 - 2013-08-28 19:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-28 19:08 - 2013-08-28 19:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sam\Downloads\mbam-consumer.exe

2013-08-28 18:46 - 2013-08-28 18:46 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log

2013-08-28 18:43 - 2011-10-17 23:30 - 00000000 ____D C:\ProgramData\Trend Micro

2013-08-28 18:36 - 2012-07-10 20:36 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security

2013-08-28 18:22 - 2013-08-28 18:22 - 00001945 _____ C:\Windows\epplauncher.mif

2013-08-28 18:21 - 2013-08-28 18:21 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-08-28 18:21 - 2013-08-28 18:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-08-28 18:19 - 2013-08-28 18:18 - 13813944 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\mseinstall.exe

2013-08-28 18:08 - 2013-08-28 18:08 - 00347424 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\MicrosoftFixit.wu.LB.150301162099276770.1.1.Run.exe

2013-08-28 17:50 - 2013-08-28 17:49 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-08-28 17:49 - 2013-08-28 17:49 - 00000000 ____D C:\ProgramData\Apple Computer

2013-08-28 17:48 - 2013-08-28 17:48 - 00000000 ____D C:\Users\Sam\AppData\Local\Apple

2013-08-28 17:48 - 2013-08-28 17:48 - 00000000 ____D C:\ProgramData\Apple

2013-08-28 17:48 - 2013-08-28 17:48 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-08-28 17:47 - 2013-08-28 17:46 - 41404760 _____ (Apple Inc.) C:\Users\Sam\Downloads\QuickTimeInstaller.exe

2013-08-28 17:45 - 2013-08-28 17:45 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Sam\Downloads\Shockwave_Installer_Slim.exe

2013-08-28 17:45 - 2013-08-28 17:45 - 00000000 ____D C:\Windows\SysWOW64\Adobe

2013-08-28 17:44 - 2013-08-28 17:44 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-08-28 17:43 - 2013-08-28 17:43 - 00000000 ____D C:\ProgramData\Adobe

2013-08-28 17:43 - 2013-08-28 17:43 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-08-26 08:42 - 2013-08-26 08:42 - 00090915 _____ C:\Users\Sam\Downloads\Rules for Writing.pptx

2013-08-22 12:47 - 2013-05-30 16:11 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Little Inferno

2013-08-20 11:11 - 2012-12-16 18:32 - 00000000 ____D C:\ProgramData\InstallMate

2013-08-20 00:26 - 2012-07-15 00:14 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-08-20 00:26 - 2012-07-15 00:13 - 00000000 ____D C:\ProgramData\Skype

 

Some content of TEMP:

====================

C:\Users\Sam\AppData\Local\Temp\avguidx.dll

C:\Users\Sam\AppData\Local\Temp\FastDownload.exe

C:\Users\Sam\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Sam\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Sam\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe

C:\Users\Sam\AppData\Local\Temp\MachineIdCreator.exe

C:\Users\Sam\AppData\Local\Temp\oi_{970BA48E-1749-40FA-AF04-169F2A282063}.exe

C:\Users\Sam\AppData\Local\Temp\Quarantine.exe

C:\Users\Sam\AppData\Local\Temp\uttD99C.tmp.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-09-16 16:33

 

==================== End Of Log ============================

mbam-log-2013-09-18 (12-11-53).txt

Addition.txt


Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Reboot and let me know how it is....MrC

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03

Ran by Sam at 2013-09-18 20:30:07 Run:1

Running from D:\malware help

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

CHR Extension: (savensHearre ) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmbdakjbcpaeipjdfdmjacbildilcja\5.10

CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Sam\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx

 

*****************

 

C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmbdakjbcpaeipjdfdmjacbildilcja => Moved successfully.

 

==== End of Fixlog ====

 

I have been unable to duplicate my previous issues. It seems fine.

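As an added example (not code from this thread, from MrC, or from FRST itself), the script below cross-checks the "Content of fixlist" block of a Fixlog against the result lines FRST writes after it, so that every entry the helper asked to remove is confirmed by a matching "... successfully" line. The format rules it applies (the lines of "*" as delimiters, the " => " result lines, a Chrome extension id as 32 letters from a to p) are this example's own assumptions about the log layout, and the embedded FIXLOG_TEXT is copied from the Fixlog posted above. Run against that text, it confirms the Extensions folder entry and reports the HKLM-x32 .crx entry as having no result line, which is the kind of entry worth following up before declaring the cleanup finished.

```python
"""Cross-check an FRST fixlist against the Fixlog it produced.

Added example: parses the fixlist entries and the result lines of a Fixlog
and reports, per entry, which result line (if any) confirms the action.
Parsing rules are assumptions about the log layout, not FRST's specification.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: copied from the Fixlog posted in the thread above.
FIXLOG_TEXT = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03
Ran by Sam at 2013-09-18 20:30:07 Run:1
Running from D:\malware help
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR Extension: (savensHearre ) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmbdakjbcpaeipjdfdmjacbildilcja\5.10
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Sam\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx

*****************

C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmbdakjbcpaeipjdfdmjacbildilcja => Moved successfully.

==== End of Fixlog ====
"""

# Chrome extension ids are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r"\b[a-p]{32}\b")
# Result lines look like "<target> => <outcome>".
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\s*$")


def split_fixlog(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Return (fixlist entries, [(target, outcome), ...]) from a Fixlog.

    Assumption: the fixlist sits between the first two lines made only of
    '*', and result lines follow the second one up to '==== End of Fixlog'.
    """
    lines = text.splitlines()
    stars = [i for i, ln in enumerate(lines)
             if ln.strip() and set(ln.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters not found")
    fixlist = [ln.strip() for ln in lines[stars[0] + 1:stars[1]] if ln.strip()]
    results: List[Tuple[str, str]] = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        m = RESULT_RE.match(ln.strip())
        if m:
            results.append((m.group("target"), m.group("result")))
    return fixlist, results


def check_fix(text: str) -> List[Dict[str, Optional[str]]]:
    """For each fixlist entry, find the result line that reports on it."""
    fixlist, results = split_fixlog(text)
    report: List[Dict[str, Optional[str]]] = []
    for entry in fixlist:
        ids = EXT_ID_RE.findall(entry)
        # The path is the part after the last ' - ' of the entry, if any.
        path = entry.rsplit(" - ", 1)[1] if " - " in entry else entry
        outcome: Optional[str] = None
        for target, result in results:
            # Match on the extension id or on the target path being a
            # prefix of the listed path (FRST moves the parent folder).
            if any(i in target for i in ids) or target.lower() in path.lower():
                outcome = result
                break
        report.append({"entry": entry,
                       "ext_id": ids[0] if ids else None,
                       "result": outcome})
    return report


def unconfirmed(text: str) -> List[str]:
    """Fixlist entries with no result line: follow these up manually."""
    return [r["entry"] for r in check_fix(text) if r["result"] is None]


if __name__ == "__main__":
    for r in check_fix(FIXLOG_TEXT):
        status = r["result"] or "NO RESULT LINE"
        print(f"{status:20s} {r['ext_id'] or '-'}  {r['entry'][:70]}")
```

The script deliberately matches on the extension id rather than on the full path, because FRST reports the move of the parent `Extensions\<id>` folder while the fixlist names the versioned subfolder. An entry that comes back with no result line is not proof it survived, only that the log gives no confirmation, so the right follow-up is a fresh scan rather than assuming removal.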

Great.....This was the culprit:

CHR Extension: (savensHearre ) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmbdakjbcpaeipjdfdmjacbildilcja\5.10

Can you zip up this folder and attach it to your post:

C:\FRST\Quarantine

MrC
