
Solved I need help with very strange Chinese SPAM/Malware

Discussion in 'Malware and Virus Removal Archive' started by bellisimo, 2014/05/25.

  1. 2014/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in Safe Mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  2. 2014/06/06
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    Broni,
    Combofix won't let me save it to my desktop. It will only save to my downloads and when I try to move it from my downloads to the desktop, it won't move.
     


  4. 2014/06/06
    broni Moderator Malware Analyst

    Run it from the Downloads folder.
     
  5. 2014/06/06
    bellisimo Well-Known Member Thread Starter

    Here is the Combofix log. Interestingly, as Combofix was about to make up the log, another page of Chinese characters appeared:

    ComboFix 14-06-04.01 - a 06/06/2014 21:58:32.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8142.3451 [GMT -5:00]
    Running from: c:\users\a\Downloads\bert_bell.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-05-07 to 2014-06-07 )))))))))))))))))))))))))))))))
    .
    .
    2014-06-02 00:37 . 2014-06-02 00:37 -------- d-----w- c:\users\a\AppData\Roaming\DriverCure
    2014-06-02 00:37 . 2014-06-02 00:37 -------- d-----w- c:\users\a\AppData\Roaming\SparkTrust
    2014-06-02 00:36 . 2014-06-02 00:41 -------- d-----w- c:\programdata\SparkTrust
    2014-06-01 03:44 . 2014-06-01 03:44 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
    2014-06-01 00:51 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
    2014-06-01 00:50 . 2014-06-01 03:00 -------- d-----w- C:\AdwCleaner
    2014-05-31 16:54 . 2014-05-31 17:58 -------- d-----w- c:\users\a\AppData\Local\Adobe
    2014-05-31 07:34 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-05-31 04:01 . 2014-06-01 04:26 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2014-05-31 02:20 . 2014-05-31 02:20 -------- d-----w- c:\programdata\F-Secure
    2014-05-30 01:20 . 2014-05-30 01:20 -------- d-----w- c:\program files (x86)\ESET
    2014-05-27 05:42 . 2014-05-27 05:42 -------- d-----w- c:\program files (x86)\AVG
    2014-05-27 04:06 . 2014-05-27 04:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-05-25 20:43 . 2014-05-25 20:43 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-05-25 20:42 . 2014-05-25 20:42 313256 ----a-w- c:\windows\system32\javaws.exe
    2014-05-25 20:42 . 2014-05-25 20:42 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-05-25 20:42 . 2014-05-25 20:42 191400 ----a-w- c:\windows\system32\javaw.exe
    2014-05-25 20:42 . 2014-05-25 20:42 190888 ----a-w- c:\windows\system32\java.exe
    2014-05-18 06:09 . 2014-05-18 06:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-05-18 06:09 . 2014-05-18 06:09 -------- d-----w- c:\program files\iTunes
    2014-05-18 06:09 . 2014-05-18 06:09 -------- d-----w- c:\program files (x86)\iTunes
    2014-05-18 06:09 . 2014-05-18 06:09 -------- d-----w- c:\program files\iPod
    2014-05-15 05:21 . 2014-05-06 05:14 97280 ----a-w- c:\windows\system32\mshtmled.dll
    2014-05-15 05:21 . 2014-05-06 05:14 19274752 ----a-w- c:\windows\system32\mshtml.dll
    2014-05-15 05:21 . 2014-05-06 03:37 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2014-05-15 05:21 . 2014-05-06 03:26 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-05-15 02:28 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
    2014-05-15 02:28 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
    2014-05-15 02:28 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-31 04:06 . 2014-02-01 16:02 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-31 04:06 . 2014-02-01 16:02 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-05-15 05:20 . 2013-08-02 20:46 93223848 ----a-w- c:\windows\system32\MRT.exe
    2014-04-28 15:27 . 2014-04-28 15:27 102704 ----a-w- c:\windows\system32\drivers\KNBDrv64.sys
    2014-04-28 15:27 . 2014-04-28 15:27 102704 ----a-w- c:\windows\system32\drivers\knbdrv.sys
    2014-04-28 15:27 . 2014-03-19 04:31 85352 ----a-w- c:\windows\system32\drivers\ksapi.sys
    2014-04-27 18:15 . 2014-04-27 17:45 139576 ----a-w- c:\windows\system32\drivers\kdhacker.sys
    2014-04-27 18:09 . 2014-04-27 17:45 33128 ----a-w- c:\windows\system32\drivers\bootsafe64.sys
    2014-04-27 18:09 . 2014-04-27 17:45 24936 ----a-w- c:\windows\system32\drivers\bootsafe.sys
    2014-04-27 17:45 . 2014-04-27 17:45 56680 ----a-w- c:\windows\system32\drivers\ksapi64.sys
    2014-04-27 17:45 . 2014-04-27 17:45 31848 ----a-w- c:\windows\system32\drivers\kavbootc64.sys
    2014-04-27 17:45 . 2014-04-27 17:45 28520 ----a-w- c:\windows\system32\drivers\kavbootc.sys
    2014-04-27 17:45 . 2014-04-27 17:45 24472 ----a-w- c:\windows\system32\drivers\bc.sys
    2014-04-27 17:45 . 2014-04-27 17:45 225080 ----a-w- c:\windows\system32\drivers\kisknl64.sys
    2014-04-27 17:45 . 2014-04-27 17:45 225080 ----a-w- c:\windows\system32\drivers\kisknl.sys
    2014-04-27 17:45 . 2014-04-27 17:45 19352 ----a-w- c:\windows\system32\drivers\ksskrpr.sys
    2014-04-27 17:45 . 2014-04-27 17:45 18296 ----a-w- c:\windows\system32\drivers\kusbquery64.sys
    2014-04-27 17:45 . 2014-04-27 17:45 180024 ----a-w- c:\windows\system32\drivers\kdhacker64.sys
    2014-04-27 17:45 . 2014-04-27 17:45 14200 ----a-w- c:\windows\system32\drivers\kusbquery.sys
    2014-04-27 17:45 . 2014-04-27 17:45 115000 ----a-w- c:\windows\system32\drivers\kisnetmxp.sys
    2014-04-27 17:45 . 2014-04-27 17:45 113464 ----a-w- c:\windows\system32\drivers\kisnetm.sys
    2014-04-27 17:45 . 2014-04-27 17:45 109880 ----a-w- c:\windows\system32\drivers\kisnetm64.sys
    2014-03-17 01:57 . 2014-03-17 01:57 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2014-03-17 01:57 . 2014-03-17 01:57 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2014-03-13 06:33 . 2014-04-09 17:29 51712 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-03-13 06:33 . 2014-04-09 17:29 2238976 ----a-w- c:\windows\system32\wininet.dll
    2014-03-13 06:33 . 2014-04-09 17:29 1365504 ----a-w- c:\windows\system32\urlmon.dll
    2014-03-13 06:32 . 2014-04-09 17:29 197120 ----a-w- c:\windows\system32\msrating.dll
    2014-03-13 06:32 . 2014-04-09 17:29 603136 ----a-w- c:\windows\system32\msfeeds.dll
    2014-03-13 06:32 . 2014-04-09 17:29 53760 ----a-w- c:\windows\system32\jsproxy.dll
    2014-03-13 06:32 . 2014-04-09 17:29 855552 ----a-w- c:\windows\system32\jscript.dll
    2014-03-13 06:32 . 2014-04-09 17:29 3959808 ----a-w- c:\windows\system32\jscript9.dll
    2014-03-13 06:31 . 2014-04-09 17:29 526336 ----a-w- c:\windows\system32\ieui.dll
    2014-03-13 06:31 . 2014-04-09 17:29 67072 ----a-w- c:\windows\system32\iesetup.dll
    2014-03-13 06:31 . 2014-04-09 17:29 15404544 ----a-w- c:\windows\system32\ieframe.dll
    2014-03-13 06:31 . 2014-04-09 17:29 2648576 ----a-w- c:\windows\system32\iertutil.dll
    2014-03-13 06:31 . 2014-04-09 17:29 39936 ----a-w- c:\windows\system32\iernonce.dll
    2014-03-13 06:31 . 2014-04-09 17:29 136704 ----a-w- c:\windows\system32\iesysprep.dll
    2014-03-13 05:10 . 2014-04-09 17:29 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-03-13 05:09 . 2014-04-09 17:29 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-03-13 05:09 . 2014-04-09 17:29 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-03-13 05:09 . 2014-04-09 17:29 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2014-03-13 03:59 . 2014-04-09 17:29 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2014-03-13 03:51 . 2014-04-09 17:29 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-08-01 01:45 220632 ----a-w- c:\users\a\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-08-01 01:45 220632 ----a-w- c:\users\a\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-08-01 01:45 220632 ----a-w- c:\users\a\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
    "EMET 4.1 Agent"="c:\program files (x86)\EMET 4.1\EMET_agent.exe" [2013-11-21 78992]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-15 152392]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-18 224128]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=" "
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
    R3 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
    R3 KNBDrv;KNBDrv;c:\windows\system32\drivers\knbdrv.sys;c:\windows\SYSNATIVE\drivers\knbdrv.sys [x]
    R3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 bootsafe;bootsafe;c:\windows\system32\Drivers\bootsafe64.sys;c:\windows\SYSNATIVE\Drivers\bootsafe64.sys [x]
    S0 DKDFM;Device Filter Manager Driver;c:\windows\system32\drivers\DKDFM.sys;c:\windows\SYSNATIVE\drivers\DKDFM.sys [x]
    S0 DKTLFSMF;Telemetry File System Mini Filter Driver;c:\windows\system32\drivers\DKTLFSMF.sys;c:\windows\SYSNATIVE\drivers\DKTLFSMF.sys [x]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 KAVBootC;KAVBootC;c:\windows\system32\drivers\kavbootc64.sys;c:\windows\SYSNATIVE\drivers\kavbootc64.sys [x]
    S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
    S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
    S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 DGPNPSEV;DriverGenius PNP Service;f:\program files\MyDrivers\DriverGenius2013\DgService.exe;f:\program files\MyDrivers\DriverGenius2013\DgService.exe [x]
    S2 DgSafe;DgSafe;c:\windows\system32\drivers\DgSafe.sys;c:\windows\SYSNATIVE\drivers\DgSafe.sys [x]
    S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 kisknl;kisknl;c:\windows\system32\drivers\kisknl.sys;c:\windows\SYSNATIVE\drivers\kisknl.sys [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
    S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - AVGTP
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-27 04:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-08-01 01:45 244696 ----a-w- c:\users\a\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-08-01 01:45 244696 ----a-w- c:\users\a\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-08-01 01:45 244696 ----a-w- c:\users\a\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
    @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
    [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
    2013-03-28 02:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
    @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
    [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
    2013-03-28 02:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
    @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
    [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
    2013-03-28 02:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-02-15 516928]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page =
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\naxv236a.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-kxesc - c:\program files (x86)\kingsoft\kingsoft antiviruskxetray.exe
    ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.13"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-06-06 22:03:02
    ComboFix-quarantined-files.txt 2014-06-07 03:03
    .
    Pre-Run: 204,039,933,952 bytes free
    Post-Run: 204,031,406,080 bytes free
    .
    - - End Of File - - 3BBE714380CD02078E724F88F4ACE497
    A36C5E4F47E84449FF07ED3517B43A31
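Editor's added example, not part of the thread and not ComboFix's own code. Whatever is producing the Chinese pop-ups, the policies block in the log above is a finding in its own right: EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 under HKLM\...\Policies\System mean UAC is switched off and anything running in an administrator's session already has the full token, and LoadAppInit_DLLs=1 under the Wow6432Node "Windows NT\CurrentVersion\Windows" key means any DLL named in AppInit_DLLs there gets loaded into every 32-bit process that uses user32.dll. The script below parses that section of a ComboFix log against a baseline and emits the reg.exe commands that put the values back. The baseline (stock Windows 7 UAC defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1; AppInit loading disabled) and the assumption that nothing on the machine legitimately needs AppInit_DLLs are the editor's; both sample inputs are constructed from the values in the log.

```python
import re

# Constructed sample input (values copied from the ComboFix log in this thread),
# in the shape ComboFix prints under "Reg Loading Points".
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
"""

# Constructed control input: the same keys at the baseline values.
HARDENED_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 1 (0x1)
"PromptOnSecureDesktop"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
"""

# Baseline (assumption: stock Windows 7 UAC defaults, AppInit loading off):
# (key as reg.exe spells it, value name, baseline value, why a different value matters)
CHECKS = [
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA", 1,
     "UAC is off: processes of an administrator run with the full token, no split"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "ConsentPromptBehaviorAdmin", 5,
     "0 = elevate without prompting; 5 = prompt for consent for non-Windows binaries"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "PromptOnSecureDesktop", 1,
     "0 = prompt drawn on the interactive desktop, where other processes can drive it"),
    (r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows", "LoadAppInit_DLLs", 0,
     "1 = DLLs named in AppInit_DLLs under this key load into 32-bit processes that use user32.dll"),
]

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix renders a DWORD as "Name"= <decimal> (0x<hex>); stray spaces around '=' are tolerated
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<dec>\d+)\s*\(0x(?P<hex>[0-9a-fA-F]+)\)$')


def _norm(key):
    """Lower-case a key path and use the short hive name so both spellings compare equal."""
    return key.strip().lower().replace("hkey_local_machine", "hklm")


def parse_reg_values(text):
    """Map (normalised key, value name) -> int for every DWORD line in a ComboFix registry dump."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = _norm(m.group("key"))
            continue
        m = DWORD_RE.match(line)
        if m and key is not None:
            dec, hexv = int(m.group("dec")), int(m.group("hex"), 16)
            if dec == hexv:  # both renderings must agree, otherwise the line is damaged
                values[(key, m.group("name").strip())] = dec
    return values


def find_weak_settings(text):
    """Return (key, name, actual, baseline, why) for each checked value that is off baseline."""
    values = parse_reg_values(text)
    findings = []
    for key, name, baseline, why in CHECKS:
        actual = values.get((_norm(key), name))
        if actual is not None and actual != baseline:
            findings.append((key, name, actual, baseline, why))
    return findings


def remediation_commands(findings):
    """One reg.exe command per finding that sets the value back to the baseline."""
    return [f'reg add "{key}" /v {name} /t REG_DWORD /d {baseline} /f'
            for key, name, _actual, baseline, _why in findings]


if __name__ == "__main__":
    weak = find_weak_settings(SAMPLE_LOG)
    for key, name, actual, baseline, why in weak:
        print(f"{name}={actual} (baseline {baseline}): {why}")
    print("\n".join(remediation_commands(weak)))
```

Run against the log's values it reports all four settings as off baseline and prints four reg add lines; run against the control input it reports nothing. The parser insists that ComboFix's decimal and hex renderings of a value agree, so a line damaged in copy-paste is skipped rather than misread. On the live machine the 64-bit AppInit key (the same path without Wow6432Node) should be checked the same way; the log only shows the 32-bit one.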
     
  6. 2014/06/06
    broni Moderator Malware Analyst

    Nothing there...

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  7. 2014/06/06
    bellisimo Well-Known Member Thread Starter
    Okay, but should I not run Rkill first?
     
  8. 2014/06/06
    broni Moderator Malware Analyst
    No....
     
  9. 2014/06/06
    bellisimo Well-Known Member Thread Starter
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
    Ran by a (administrator) on BBELL-PC on 06-06-2014 22:14:45
    Running from C:\Users\a\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (MyDrivers.com) F:\Program Files\MyDrivers\DriverGenius2013\dgservice.exe
    (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Kingsoft Corporation) F:\Program Files\MyDrivers\DriverGenius2013\ksoft\kgeniustray.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [EMET 4.1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [78992 2013-11-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
    ShellExecuteHooks-x32: - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File [ ]
    Hosts: 127.0.0.1 localhost
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\naxv236a.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @kingsfot.com/npkws - C:\Program Files (x86)\kingsoft\kingsoft antivirus\npkws.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File
    FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll No File
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
    FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
    FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File

    Chrome:
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [jpkgnchjblgnciiopegmabnakdoapgkj] - C:\Users\a\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx []
    CHR StartMenuInternet: Google Chrome - chrome.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
    R2 DGPNPSEV; F:\Program Files\MyDrivers\DriverGenius2013\DgService.exe [326000 2014-04-04] (MyDrivers.com)
    S3 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-07-27] (Condusiv Technologies)
    R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
    S2 TabletService; C:\Windows\SysWOW64\Tablet.exe [491578 2000-02-11] (Wacom Technology, Corp.)

    ==================== Drivers (Whitelisted) ====================

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-25] (AVG Technologies)
    R0 bootsafe; C:\Windows\System32\Drivers\bootsafe64.sys [33128 2014-04-27] (Kingsoft Corporation)
    R2 DgSafe; C:\Windows\system32\drivers\DgSafe.sys [399632 2014-01-27] (MyDrivers.com)
    R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies)
    S3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
    R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-07-09] (Condusiv Technologies)
    R0 KAVBootC; C:\Windows\System32\drivers\kavbootc64.sys [31848 2014-04-27] (Kingsoft Corporation)
    R2 kisknl; C:\Windows\system32\drivers\kisknl.sys [225080 2014-04-27] (Kingsoft Corporation)
    S3 KNBDrv; C:\Windows\system32\drivers\knbdrv.sys [102704 2014-04-28] (Kingsoft Corporation)
    S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-04-27] (Kingsoft Corporation)
    S4 LMIRfsClientNP; No ImagePath
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-02-24] ()
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-09-14] (Acronis International GmbH)
    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-09-14] (Acronis)
    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-09-14] (Acronis International GmbH)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-06-06 22:14 - 2014-06-06 22:14 - 00013136 _____ () C:\Users\a\Desktop\FRST.txt
    2014-06-06 22:14 - 2014-06-06 22:14 - 00000000 ____D () C:\FRST
    2014-06-06 22:12 - 2014-06-06 22:12 - 02072576 _____ (Farbar) C:\Users\a\Desktop\FRST64.exe
    2014-06-06 22:03 - 2014-06-06 22:03 - 00024596 _____ () C:\ComboFix.txt
    2014-06-06 22:03 - 2014-06-06 22:03 - 00000000 ____D () C:\Users\Rosedale Productions\AppData\Local\temp
    2014-06-06 22:03 - 2014-06-06 22:03 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
    2014-06-06 22:03 - 2014-06-06 22:03 - 00000000 ____D () C:\Users\LogMeInRemoteUser\AppData\Local\temp
    2014-06-06 22:03 - 2014-06-06 22:03 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
    2014-06-06 22:03 - 2014-06-06 22:03 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
    2014-06-06 21:57 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-06-06 21:57 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-06-06 21:57 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-06-06 21:57 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-06-06 21:57 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-06-06 21:57 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-06-06 21:57 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-06-06 21:57 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-06-06 21:55 - 2014-06-06 22:03 - 00000000 ____D () C:\Qoobox
    2014-06-06 21:49 - 2014-06-06 21:49 - 11580448 _____ (OPSWAT, Inc.) C:\Users\a\Downloads\AppRemover.exe
    2014-06-06 21:40 - 2014-06-06 21:40 - 05205146 ____R (Swearware) C:\Users\a\Downloads\bert_bell.exe
    2014-06-06 21:38 - 2014-06-06 21:40 - 05205146 _____ (Swearware) C:\Users\a\Downloads\ComboFix.exe
    2014-06-06 01:09 - 2014-06-06 16:35 - 00000666 _____ () C:\Users\a\Desktop\No One Applauds This Woman Because They're Too Creeped Out At Themselves To Put Their Hands Together.website
    2014-06-04 00:14 - 2014-06-06 00:56 - 00000608 _____ () C:\Users\a\Desktop\Browser Hijacker Removal Tool Fix and Repair Browser Hijacking Issues.website
    2014-06-03 16:15 - 2014-06-05 01:38 - 00000767 _____ () C:\Users\a\Desktop\▶ Minute Master Class - Adam Rapa 1 - YouTube.website
    2014-06-02 16:56 - 2014-06-02 16:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go
    2014-06-02 16:48 - 2014-06-02 16:48 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
    2014-06-01 19:44 - 2014-06-01 19:44 - 00001772 _____ () C:\sc-cleaner.txt
    2014-06-01 19:43 - 2014-06-01 19:43 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\a\Downloads\sc-cleaner.exe
    2014-06-01 19:37 - 2014-06-01 19:37 - 00000000 ____D () C:\Users\a\AppData\Roaming\SparkTrust
    2014-06-01 19:37 - 2014-06-01 19:37 - 00000000 ____D () C:\Users\a\AppData\Roaming\DriverCure
    2014-06-01 19:36 - 2014-06-01 19:41 - 00000000 ____D () C:\ProgramData\SparkTrust
    2014-06-01 19:28 - 2014-06-01 19:28 - 00000200 _____ () C:\Users\a\Desktop\Google.URL
    2014-06-01 14:33 - 2014-06-01 14:33 - 00000629 _____ () C:\Users\a\Desktop\JRT.txt
    2014-06-01 14:25 - 2014-06-01 14:25 - 01016261 _____ (Thisisu) C:\Users\a\Desktop\JRT(1).exe
    2014-06-01 14:21 - 2014-06-01 14:21 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\a\Downloads\tdsskiller.exe
    2014-06-01 12:50 - 2014-06-01 12:50 - 00001666 _____ () C:\Users\a\Desktop\Rkill.txt
    2014-06-01 02:07 - 2014-06-01 02:07 - 00000210 _____ () C:\Users\a\Desktop\Dictionary.com - Free Online English Dictionary.URL
    2014-06-01 01:02 - 2014-06-01 01:02 - 00000240 _____ () C:\Users\a\Desktop\'Bleeping-Computer' in ICT Security Tools Scoop.it.URL
    2014-05-31 23:07 - 2014-05-31 23:07 - 00000292 _____ () C:\Users\a\Desktop\[Active] I need help with very strange Chinese SPAMMalware - WindowsBBS Forum - Page 6.URL
    2014-05-31 23:05 - 2014-05-31 23:05 - 00000205 _____ () C:\Users\a\Desktop\How to burn your CD.URL
    2014-05-31 22:44 - 2014-05-31 22:44 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    2014-05-31 22:44 - 2014-05-31 22:44 - 00002086 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    2014-05-31 22:44 - 2014-05-31 22:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
    2014-05-31 21:47 - 2014-05-31 21:47 - 01016261 _____ (Thisisu) C:\Users\a\Downloads\JRT.exe
    2014-05-31 19:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-05-31 19:50 - 2014-05-31 22:00 - 00000000 ____D () C:\AdwCleaner
    2014-05-31 19:50 - 2014-05-31 19:50 - 01327971 _____ () C:\Users\a\Desktop\AdwCleaner.exe
    2014-05-31 19:48 - 2014-05-31 19:48 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\a\Desktop\rkill.exe
    2014-05-31 19:40 - 2014-05-31 19:40 - 00000000 _____ () C:\Users\a\Downloads\Setup (1).exe.bg8yule.partial
    2014-05-31 11:54 - 2014-05-31 12:58 - 00000000 ____D () C:\Users\a\AppData\Local\Adobe
    2014-05-31 02:34 - 2014-05-31 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    2014-05-31 02:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-05-31 00:51 - 2014-05-31 00:51 - 00002949 _____ () C:\DelFix.txt
    2014-05-30 23:01 - 2014-05-31 23:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-05-30 23:01 - 2014-05-30 23:01 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-05-30 23:01 - 2014-05-30 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-30 21:59 - 2014-05-30 21:59 - 05124208 _____ (F-Secure Corporation) C:\Users\a\Downloads\F-SecureOnlineScanner-HC (1).exe
    2014-05-30 21:20 - 2014-05-30 21:20 - 00000000 ____D () C:\ProgramData\F-Secure
    2014-05-30 21:18 - 2014-05-30 21:18 - 05124208 _____ (F-Secure Corporation) C:\Users\a\Downloads\F-SecureOnlineScanner-HC.exe
    2014-05-29 20:20 - 2014-05-29 20:20 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-05-29 12:00 - 2014-06-03 12:52 - 00000567 _____ () C:\Users\a\Desktop\Problems With a 2Wire AT&T DSL & a MacBook Pro eHow.website
    2014-05-29 01:05 - 2014-06-05 18:17 - 00000689 _____ () C:\Users\a\Desktop\How do I get Catalyst Control Center uninstalled so I can install - Microsoft Community.website
    2014-05-28 23:39 - 2014-06-06 00:57 - 00000541 _____ () C:\Users\a\Desktop\How to Reset a 2Wire Router Chron.com.website
    2014-05-28 22:53 - 2014-05-28 22:54 - 00347816 _____ (Microsoft Corporation) C:\Users\a\Downloads\MicrosoftFixit.IEPerformance.RNP.14932476223946046.1.3.Run.exe
    2014-05-27 23:14 - 2014-06-06 16:35 - 00000517 _____ () C:\Users\a\Desktop\How to reset Internet Explorer settings.website
    2014-05-27 00:42 - 2014-05-27 00:42 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-05-27 00:16 - 2014-05-27 00:20 - 00000000 ____D () C:\Windows\erdnt
    2014-05-26 23:53 - 2014-05-26 23:53 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\a\Downloads\iExplore.exe
    2014-05-26 23:49 - 2014-05-26 23:49 - 11519096 _____ (OPSWAT, Inc.) C:\Users\a\Desktop\AppRemover.exe
    2014-05-26 23:06 - 2014-05-26 23:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-05-26 19:27 - 2014-05-26 19:27 - 00000458 _____ () C:\Users\a\Documents\Updated AVG scan.csv
    2014-05-25 15:42 - 2014-05-25 15:42 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-05-25 15:42 - 2014-05-25 15:42 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-05-25 15:42 - 2014-05-25 15:42 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-05-25 15:42 - 2014-05-25 15:42 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-05-25 15:42 - 2014-05-25 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-05-23 13:11 - 2014-06-06 21:53 - 00035234 _____ () C:\Windows\PFRO.log
    2014-05-21 12:33 - 2014-06-06 21:53 - 00006216 _____ () C:\Windows\setupact.log
    2014-05-21 12:33 - 2014-05-21 12:33 - 00000000 _____ () C:\Windows\setuperr.log
    2014-05-20 20:57 - 2014-06-04 02:23 - 00000806 _____ () C:\Users\a\Desktop\▶ Lose 50 Pounds Fast With This Ski-Step Workout At Home - YouTube.website
    2014-05-20 19:05 - 2014-06-06 00:57 - 00000567 _____ () C:\Users\a\Desktop\See how many carbs, proteins, and fats you need to build muscle.website
    2014-05-18 01:09 - 2014-05-18 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-05-18 01:09 - 2014-05-18 01:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-05-18 01:09 - 2014-05-18 01:09 - 00000000 ____D () C:\Program Files\iTunes
    2014-05-18 01:09 - 2014-05-18 01:09 - 00000000 ____D () C:\Program Files\iPod
    2014-05-18 01:09 - 2014-05-18 01:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-05-15 00:21 - 2014-05-06 00:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-15 00:21 - 2014-05-06 00:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-15 00:21 - 2014-05-05 22:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-15 00:21 - 2014-05-05 22:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-15 00:21 - 2014-05-05 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-15 00:21 - 2014-05-05 22:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-14 21:28 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-14 21:28 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-14 21:28 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-14 21:28 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-14 21:27 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-14 21:27 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-14 21:27 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-14 21:27 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-14 21:27 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-14 21:27 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-14 21:27 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-14 21:27 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-14 21:27 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-14 21:27 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-14 21:27 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-14 21:27 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-14 21:27 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-14 21:27 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-14 21:27 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-14 21:27 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-14 21:27 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-14 21:27 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-14 21:27 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-14 21:27 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-14 21:27 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-14 21:27 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-14 21:27 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-14 21:27 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-14 21:27 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-14 21:27 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-14 21:27 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-14 21:27 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-14 21:27 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-14 21:27 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

    ==================== One Month Modified Files and Folders =======

    2014-06-06 22:14 - 2014-06-06 22:14 - 00013136 _____ () C:\Users\a\Desktop\FRST.txt
    2014-06-06 22:14 - 2014-06-06 22:14 - 00000000 ____D () C:\FRST
    2014-06-06 22:14 - 2013-07-31 14:25 - 00000000 ____D () C:\Users\a\AppData\Local\Temp
    2014-06-06 22:12 - 2014-06-06 22:12 - 02072576 _____ (Farbar) C:\Users\a\Desktop\FRST64.exe
    2014-06-06 22:03 - 2014-06-06 22:03 - 00024596 _____ () C:\ComboFix.txt
    2014-06-06 22:03 - 2014-06-06 22:03 - 00000000 ____D () C:\Users\Rosedale Productions\AppData\Local\temp
    2014-06-06 22:03 - 2014-06-06 22:03 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
    2014-06-06 22:03 - 2014-06-06 22:03 - 00000000 ____D () C:\Users\LogMeInRemoteUser\AppData\Local\temp
    2014-06-06 22:03 - 2014-06-06 22:03 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
    2014-06-06 22:03 - 2014-06-06 22:03 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
    2014-06-06 22:03 - 2014-06-06 21:55 - 00000000 ____D () C:\Qoobox
    2014-06-06 22:01 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
    2014-06-06 22:00 - 2009-07-13 23:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-06-06 22:00 - 2009-07-13 23:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-06-06 21:58 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-06 21:56 - 2013-07-31 14:25 - 01062097 _____ () C:\Windows\WindowsUpdate.log
    2014-06-06 21:53 - 2014-05-23 13:11 - 00035234 _____ () C:\Windows\PFRO.log
    2014-06-06 21:53 - 2014-05-21 12:33 - 00006216 _____ () C:\Windows\setupact.log
    2014-06-06 21:53 - 2013-07-31 20:22 - 00000000 ____D () C:\ProgramData\MFAData
    2014-06-06 21:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-06-06 21:49 - 2014-06-06 21:49 - 11580448 _____ (OPSWAT, Inc.) C:\Users\a\Downloads\AppRemover.exe
    2014-06-06 21:40 - 2014-06-06 21:40 - 05205146 ____R (Swearware) C:\Users\a\Downloads\bert_bell.exe
    2014-06-06 21:40 - 2014-06-06 21:38 - 05205146 _____ (Swearware) C:\Users\a\Downloads\ComboFix.exe
    2014-06-06 16:35 - 2014-06-06 01:09 - 00000666 _____ () C:\Users\a\Desktop\No One Applauds This Woman Because They're Too Creeped Out At Themselves To Put Their Hands Together.website
    2014-06-06 16:35 - 2014-05-27 23:14 - 00000517 _____ () C:\Users\a\Desktop\How to reset Internet Explorer settings.website
    2014-06-06 16:25 - 2014-02-09 17:38 - 00000555 _____ () C:\Users\a\Desktop\In The Bleak Midwinter - Cover by Florian Reider and Magdalena Weiss - YouTube.website
    2014-06-06 16:17 - 2014-04-15 00:49 - 00000713 _____ () C:\Users\a\Desktop\Visual Impact of Wet AMD—LUCENTIS (ranibizumab injection).website
    2014-06-06 09:40 - 2014-04-30 10:07 - 00000495 _____ () C:\Users\a\Desktop\Outlook - Copy.website
    2014-06-06 01:45 - 2013-08-02 04:34 - 00000000 ____D () C:\Users\a\Desktop\Desktop Icons3
    2014-06-06 01:32 - 2014-04-15 00:48 - 00000756 _____ () C:\Users\a\Desktop\Virtual Wet AMD Experience—LUCENTIS (ranibizumab injection).website
    2014-06-06 01:00 - 2014-03-13 15:56 - 00001004 _____ () C:\Users\a\Desktop\▶ Adobe Photoshop CS6 Full Download with Keygen + Crack Serials [Windows & MAC] - Video Dailymotion.website
    2014-06-06 00:57 - 2014-05-28 23:39 - 00000541 _____ () C:\Users\a\Desktop\How to Reset a 2Wire Router Chron.com.website
    2014-06-06 00:57 - 2014-05-20 19:05 - 00000567 _____ () C:\Users\a\Desktop\See how many carbs, proteins, and fats you need to build muscle.website
    2014-06-06 00:57 - 2014-04-30 00:51 - 00000453 _____ () C:\Users\a\Desktop\Commentaries Matthew Henry.website
    2014-06-06 00:57 - 2014-04-20 18:36 - 00000445 _____ () C:\Users\a\Desktop\livinggraceomaha.org.website
    2014-06-06 00:56 - 2014-06-04 00:14 - 00000608 _____ () C:\Users\a\Desktop\Browser Hijacker Removal Tool Fix and Repair Browser Hijacking Issues.website
    2014-06-05 22:17 - 2014-01-10 00:33 - 00000452 _____ () C:\Users\a\Desktop\eBible.website
    2014-06-05 18:17 - 2014-05-29 01:05 - 00000689 _____ () C:\Users\a\Desktop\How do I get Catalyst Control Center uninstalled so I can install - Microsoft Community.website
    2014-06-05 02:05 - 2013-12-12 19:15 - 00000522 _____ () C:\Users\a\Desktop\Inbox (1) - bbbellisimo@gmail.com - Gmail.website
    2014-06-05 02:03 - 2014-04-17 10:26 - 00000606 _____ () C:\Users\a\Desktop\Men's Life & Health - The #1 online magazine for Men's topics, health and exercise.website
    2014-06-05 01:38 - 2014-06-03 16:15 - 00000767 _____ () C:\Users\a\Desktop\▶ Minute Master Class - Adam Rapa 1 - YouTube.website
    2014-06-04 18:38 - 2014-01-30 16:10 - 00000543 _____ () C:\Users\a\Desktop\How to run the System File Checker Tool in Windows 7 - YouTube.website
    2014-06-04 02:23 - 2014-05-20 20:57 - 00000806 _____ () C:\Users\a\Desktop\▶ Lose 50 Pounds Fast With This Ski-Step Workout At Home - YouTube.website
    2014-06-04 00:16 - 2009-07-14 00:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-06-03 12:52 - 2014-05-29 12:00 - 00000567 _____ () C:\Users\a\Desktop\Problems With a 2Wire AT&T DSL & a MacBook Pro eHow.website
    2014-06-03 12:49 - 2013-07-31 15:33 - 00000000 ____D () C:\Users\a\AppData\Roaming\CyberLink
    2014-06-02 16:56 - 2014-06-02 16:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go
    2014-06-02 16:55 - 2013-07-31 15:31 - 00000000 ____D () C:\ProgramData\CyberLink
    2014-06-02 16:48 - 2014-06-02 16:48 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
    2014-06-02 16:46 - 2013-09-01 12:49 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-06-02 16:46 - 2013-07-31 15:31 - 00000000 ____D () C:\ProgramData\Temp
    2014-06-01 19:44 - 2014-06-01 19:44 - 00001772 _____ () C:\sc-cleaner.txt
    2014-06-01 19:43 - 2014-06-01 19:43 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\a\Downloads\sc-cleaner.exe
    2014-06-01 19:41 - 2014-06-01 19:36 - 00000000 ____D () C:\ProgramData\SparkTrust
    2014-06-01 19:37 - 2014-06-01 19:37 - 00000000 ____D () C:\Users\a\AppData\Roaming\SparkTrust
    2014-06-01 19:37 - 2014-06-01 19:37 - 00000000 ____D () C:\Users\a\AppData\Roaming\DriverCure
    2014-06-01 19:28 - 2014-06-01 19:28 - 00000200 _____ () C:\Users\a\Desktop\Google.URL
    2014-06-01 14:33 - 2014-06-01 14:33 - 00000629 _____ () C:\Users\a\Desktop\JRT.txt
    2014-06-01 14:25 - 2014-06-01 14:25 - 01016261 _____ (Thisisu) C:\Users\a\Desktop\JRT(1).exe
    2014-06-01 14:21 - 2014-06-01 14:21 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\a\Downloads\tdsskiller.exe
    2014-06-01 12:50 - 2014-06-01 12:50 - 00001666 _____ () C:\Users\a\Desktop\Rkill.txt
    2014-06-01 02:07 - 2014-06-01 02:07 - 00000210 _____ () C:\Users\a\Desktop\Dictionary.com - Free Online English Dictionary.URL
    2014-06-01 01:14 - 2013-07-31 14:25 - 00000000 ____D () C:\Users\a
    2014-06-01 01:02 - 2014-06-01 01:02 - 00000240 _____ () C:\Users\a\Desktop\'Bleeping-Computer' in ICT Security Tools Scoop.it.URL
    2014-05-31 23:26 - 2014-05-30 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-05-31 23:07 - 2014-05-31 23:07 - 00000292 _____ () C:\Users\a\Desktop\[Active] I need help with very strange Chinese SPAMMalware - WindowsBBS Forum - Page 6.URL
    2014-05-31 23:05 - 2014-05-31 23:05 - 00000205 _____ () C:\Users\a\Desktop\How to burn your CD.URL
    2014-05-31 22:44 - 2014-05-31 22:44 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    2014-05-31 22:44 - 2014-05-31 22:44 - 00002086 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    2014-05-31 22:44 - 2014-05-31 22:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
    2014-05-31 22:00 - 2014-05-31 19:50 - 00000000 ____D () C:\AdwCleaner
    2014-05-31 21:47 - 2014-05-31 21:47 - 01016261 _____ (Thisisu) C:\Users\a\Downloads\JRT.exe
    2014-05-31 19:50 - 2014-05-31 19:50 - 01327971 _____ () C:\Users\a\Desktop\AdwCleaner.exe
    2014-05-31 19:48 - 2014-05-31 19:48 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\a\Desktop\rkill.exe
    2014-05-31 19:40 - 2014-05-31 19:40 - 00000000 _____ () C:\Users\a\Downloads\Setup (1).exe.bg8yule.partial
    2014-05-31 12:58 - 2014-05-31 11:54 - 00000000 ____D () C:\Users\a\AppData\Local\Adobe
    2014-05-31 11:54 - 2014-05-02 13:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-05-31 02:34 - 2014-05-31 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    2014-05-31 02:34 - 2013-11-28 01:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-05-31 02:34 - 2013-08-02 03:08 - 00000000 ____D () C:\Users\a\AppData\Roaming\Malwarebytes
    2014-05-31 00:51 - 2014-05-31 00:51 - 00002949 _____ () C:\DelFix.txt
    2014-05-31 00:51 - 2013-11-28 18:09 - 00000000 ____D () C:\Windows\ERUNT
    2014-05-30 23:07 - 2014-03-16 20:20 - 00000000 ____D () C:\ProgramData\Google
    2014-05-30 23:07 - 2013-08-08 11:26 - 00000000 ____D () C:\Users\a\AppData\Local\Google
    2014-05-30 23:07 - 2013-08-08 11:26 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-05-30 23:06 - 2014-02-26 23:43 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-05-30 23:06 - 2014-02-01 11:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-30 23:06 - 2014-02-01 11:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-05-30 23:01 - 2014-05-30 23:01 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-05-30 23:01 - 2014-05-30 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-30 21:59 - 2014-05-30 21:59 - 05124208 _____ (F-Secure Corporation) C:\Users\a\Downloads\F-SecureOnlineScanner-HC (1).exe
    2014-05-30 21:20 - 2014-05-30 21:20 - 00000000 ____D () C:\ProgramData\F-Secure
    2014-05-30 21:18 - 2014-05-30 21:18 - 05124208 _____ (F-Secure Corporation) C:\Users\a\Downloads\F-SecureOnlineScanner-HC.exe
    2014-05-29 20:20 - 2014-05-29 20:20 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-05-28 22:54 - 2014-05-28 22:53 - 00347816 _____ (Microsoft Corporation) C:\Users\a\Downloads\MicrosoftFixit.IEPerformance.RNP.14932476223946046.1.3.Run.exe
    2014-05-27 19:23 - 2013-07-31 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    2014-05-27 18:57 - 2014-03-30 19:00 - 00000000 ____D () C:\Users\a\AppData\Local\Paint.NET
    2014-05-27 00:42 - 2014-05-27 00:42 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-05-27 00:21 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
    2014-05-27 00:20 - 2014-05-27 00:16 - 00000000 ____D () C:\Windows\erdnt
    2014-05-26 23:53 - 2014-05-26 23:53 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\a\Downloads\iExplore.exe
    2014-05-26 23:49 - 2014-05-26 23:49 - 11519096 _____ (OPSWAT, Inc.) C:\Users\a\Desktop\AppRemover.exe
    2014-05-26 23:23 - 2014-05-26 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-05-26 19:27 - 2014-05-26 19:27 - 00000458 _____ () C:\Users\a\Documents\Updated AVG scan.csv
    2014-05-26 11:55 - 2013-07-31 15:38 - 00000000 ____D () C:\Temp
    2014-05-25 15:42 - 2014-05-25 15:42 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-05-25 15:42 - 2014-05-25 15:42 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-05-25 15:42 - 2014-05-25 15:42 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-05-25 15:42 - 2014-05-25 15:42 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-05-25 15:42 - 2014-05-25 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-05-25 15:42 - 2014-01-16 03:06 - 00000000 ____D () C:\Program Files\Java
    2014-05-22 19:05 - 2013-08-06 02:02 - 00000000 ____D () C:\Users\a\AppData\Local\CrashDumps
    2014-05-22 18:36 - 2014-04-20 18:24 - 00000550 _____ () C:\Users\a\Desktop\max mclean audio bible - YouTube.website
    2014-05-22 10:39 - 2014-02-19 10:15 - 00000000 _____ () C:\Windows\system\DG_inst.log
    2014-05-21 12:33 - 2014-05-21 12:33 - 00000000 _____ () C:\Windows\setuperr.log
    2014-05-18 01:09 - 2014-05-18 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-05-18 01:09 - 2014-05-18 01:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-05-18 01:09 - 2014-05-18 01:09 - 00000000 ____D () C:\Program Files\iTunes
    2014-05-18 01:09 - 2014-05-18 01:09 - 00000000 ____D () C:\Program Files\iPod
    2014-05-18 01:09 - 2014-05-18 01:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-05-15 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-05-15 11:16 - 2013-07-31 14:25 - 00000000 ___RD () C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-15 11:16 - 2013-07-31 14:25 - 00000000 ___RD () C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-15 11:15 - 2014-05-06 00:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-15 00:20 - 2013-08-03 13:31 - 00000000 ____D () C:\Windows\system32\MRT
    2014-05-15 00:20 - 2013-08-02 15:46 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-05-15 00:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-05-09 16:37 - 2014-04-30 23:19 - 00000000 ____D () C:\Users\a\AppData\Local\Blockless
    2014-05-09 01:14 - 2014-05-14 21:28 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-09 01:11 - 2014-05-14 21:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-08 02:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-05-29 14:10

    ==================== End Of Log ============================
     
  10. 2014/06/07
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    Hi Broni,
    I thought I should tell you that when I booted up my computer from sleep mode today, and before I used a browser, one of the small Chinese pages was already on my screen. It wasn't there when I put the machine to sleep last night.

    Also, if you have anything you want me to try this evening, I'll get to it as soon as I can, but I invited friends over to watch a boxing event on TV tonight, so I may not be able to post any scans or logs until late tonight.

    Thanks for your patience.
     
  11. 2014/06/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Just to let you know that I'm having a very busy day today as well, so I won't reply before tomorrow morning.
     
  12. 2014/06/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure if you're resetting IE correctly or something is preventing you from resetting IE the right way.
    FRST still shows all kinds of addons and toolbars there.

    Do this from safe mode.
    How to start Windows in Safe Mode

    Reset Internet Explorer.
    Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
    You can use ANY browser to download "FixIt" file.
    Make sure you follow ALL steps listed there.

    You can download the resetting tool in normal mode.

    When done, post a fresh FRST log.
     
  13. 2014/06/08
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    Hi Broni,
    I've reset Internet Explorer again. I followed your instructions to the letter with one exception, which is that the Fixit tool will not work from Safe Mode. I tried it several times and it kept telling me that it is not available from Safe Mode. So, I ran it again in normal mode and when I was finished I had another instance of the malware.
     
  14. 2014/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Internet Explorer. It'll revert itself to the previous version.
    See if the issue is still there.
     
  15. 2014/06/08
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    Hi Broni,
    I uninstalled Internet Explorer 10 and Internet Explorer 8 automatically replaced it, but then all of my desktop shortcuts became Photoshop shortcuts and I couldn't find any of the apps or programs that the shortcuts were meant to direct me to. So, I downloaded Internet Explorer 11. Do you think IE 11 will be infected with the same malware?
     
  16. 2014/06/08
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    Never mind, Broni. The malware answered my question with another intrusion. Would there be any point in trying something like Norton's browser hijacker tool?
     
  17. 2014/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  18. 2014/06/08
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    Okay, Broni. I have done that and it seemed to go well. I guess all we can do now is continue to use Internet Explorer for a while and see if the malware is gone, right?
     
  19. 2014/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes....and let's pray...lol

    Can you give me a fresh FRST log (it'll be one log only)?
     
  20. 2014/06/08
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    Will do, Broni, thank you :)
     
  21. 2014/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
     
