Logs are too long to post
frankhero
2014-07-26, 09:37
REFER BACK TO:
http://forums.spybot.info/showthread.php?70872-lots-of-errors-left&p=455570#post455570
I've tried posting my logs to the forum but keep being told that they are too long... All I've done is copy and paste. Not sure if I'm missing something. The spacecount is currently 437561 characters after running the entire thing through Notepad++ and removing all the whitespace... Any suggestions would be greatly appreciated.
Thanks
Frank
Sorry you're having problems Frank, I am assuming that the logs you want to post are FRST, Additions and aswMBR... Correct?
Why don't you do this: press the Ctrl key with your left hand and with your mouse select each log, then right-click on them and select Send To... Compressed Zip Folder, name it Logs and save it to your desktop, then go down to Manage Attachments and attach the file, then Submit Reply. Also give me a brief description of what's going on on your system.
frankhero
2014-07-26, 17:19
10-4. Are zip files always welcome? I'll get those over right away.
Hello Frank,
We prefer that logs are directly copied and pasted in the thread, but if it's too large and the forum won't accept them then attaching them is fine.
frankhero
2014-07-26, 18:02
Attached is a file containing all of the requested info. The breakdown of the events leading up to and following is also included. Thanks!
Frank11708
FF NetworkProxy: "http_port", 8080 <-- Did you set this proxy?
Very long log, it's going to take some time to go over it.
In the meantime run this scan please:
Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Double-click CKScanner.exe then click Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Please run this program only once.
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.
frankhero
2014-07-27, 04:07
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\java\security\spec\rsakeygenparameterspec.java
c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\javax\crypto\keygenerator.java
c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\javax\crypto\keygeneratorspi.java
c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\org\apache\harmony\crypto\tests\javax\crypto\keygeneratorspitest.java
c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\org\apache\harmony\crypto\tests\javax\crypto\keygeneratortest.java
c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorfunctionaltest.java
c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorthread.java
c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\org\apache\harmony\crypto\tests\support\mykeygeneratorspi.java
c:\cygwin64\bin\ssh-keygen.exe
c:\cygwin64\lib\python2.7\lib-dynload\crypt.dll
c:\cygwin64\usr\share\man\man1\ssh-keygen.1.gz
c:\metasploit\apps\pro\msf3\data\john\doc\pdfcrack_readme
c:\metasploit\apps\pro\msf3\data\john\doc\pdfcrack_todo
c:\metasploit\apps\pro\msf3\modules\auxiliary\analyze\jtr_crack_fast.rb
c:\metasploit\apps\pro\msf3\modules\auxiliary\analyze\postgres_md5_crack.rb
c:\metasploit\apps\pro\msf3\tools\hmac_sha1_crack.rb
c:\metasploit\apps\pro\msf3\tools\lm2ntcrack.rb
c:\metasploit\apps\pro\reports\authentication_tokens\msfx_auth_tokens_cracked_graphs.jasper
c:\metasploit\apps\pro\reports\authentication_tokens\msfx_auth_tokens_cracked_graphs.jrxml
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\about-password-cracking.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\bruteforce-attack-options.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\bruteforce-attacks.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\bruteforce-message-indicators.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\credential-management.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\deleting-imported-word-lists.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\importing-custom-word-lists.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\importing-password-lists.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\running-bruteforce-attacks.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\running-bruteforce-password-list.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\running-bruteforce-single-credential.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\running-bruteforce-vm.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\selecting-custom-word-lists.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\supported-credential-file-formats.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\supported-credential-formats.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\target-services.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\viewing-imported-credentials.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\viewing-metasploit-word-lists.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\word-lists.html
c:\metasploit\apps\pro\ui\public\docs\online-help\content\zz-glossary\def-password-cracking.html
c:\program files (x86)\corel\coreldraw graphics suite x6\custom data\bumpmap\cracks.cpt
c:\users\jsutin\desktop\library\the code book how to make it, break it, hack it, crack it.pdf
c:\users\jsutin\downloads\electronics\www.eio.com\p-32499-ratchet-clank-future-crack-in-time-playstation3-game-sony.html.tmp
c:\users\jsutin\downloads\erow\www.erowid.org\archive\hyperreal\drugs\humor\crack.pipe.tmp
c:\users\jsutin\downloads\erow\www.erowid.org\chemicals\cocaine\crack_info1.shtml
c:\users\jsutin\downloads\erow\www.erowid.org\chemicals\cocaine\crack_journal1.shtml
c:\users\jsutin\downloads\erow\www.erowid.org\chemicals\cocaine\crack_media1.shtml
c:\users\jsutin\downloads\erow\www.erowid.org\culture\art\artist\wackycracka_leslie.html.tmp
c:\users\jsutin\downloads\erow\www.erowid.org\culture\art\artist\vasin_ted\vasin_ted_islandorcrackinyourceiling.html.tmp
c:\users\jsutin\downloads\erow\www.erowid.org\culture\art\artist\wackycracka_leslie\wackycracka_leslie_purple-dream.html.tmp
c:\users\jsutin\downloads\erow\www.erowid.org\culture\art\artists_w\images\wackycracka_leslie_purple-dream_thumb.jpg.tmp
c:\users\jsutin\downloads\erow\www.erowid.org\library\books\cracking_tower.shtml
scanner sequence 3.ZZ.11.OMNAXZ
----- EOF -----
You never said if you installed that Firefox proxy, and you never said what you're experiencing to make you think you're infected, and there is no reason to quote what I said.
I also see you're using torrents, not good as any form of file sharing is dangerous; you're downloading that file from an unknown source and not all but most contain malware of one form or another, it's like playing Russian roulette malware-wise.
AdwCleaner by Xplode
Click on this link to download: AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top advertisement.
Close all open programs and internet browsers.
Double-click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
===============================================================================
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7 or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
=====================================================
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
On the Dashboard click on Update Now
Go to the Settings tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to Treat Detections as Malware
Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up, select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
frankhero
2014-07-27, 10:34
Ken,
I didn't disclose it because I didn't even remember about it. I got it to play around with Burp Suite. I think I used it but once about 1.5 months ago. As far as torrents, I didn't remember using a torrent downloader on this comp... but now that you've mentioned it I do recall getting some books around the same time as I was playing with Burp.
Anyway, this is what came back. I haven't actually applied any of the fixes. Pretty sure that's what you expected?
Thanks,
Frank
# AdwCleaner v3.216 - Report created 27/07/2014 at 00:48:43
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : a - c
# Running from : C:\Users\a\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Found : C:\WINDOWS\System32\Tasks\UpdaterEX
File Found : C:\WINDOWS\Tasks\UpdaterEX.job
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Folder Found : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Folder Found : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Folder Found : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Folder Found : C:\Users\a\AppData\LocalLow\Conduit
Folder Found : C:\Users\a\AppData\Roaming\DriverCure
Folder Found : C:\Users\a\AppData\Roaming\pdfforge
Folder Found : C:\Users\a\AppData\Roaming\UpdaterEX
Folder Found : C:\Users\bLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Folder Found : C:\Users\bLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Folder Found : C:\Users\bLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Key Found : HKCU\Software\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Key Found : HKCU\Software\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\Software\Uniblue
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\na5z5xw6.default\prefs.js ]
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
[ File : C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
[ File : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\bLtd\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
[ File : C:\Users\VIRTUAL\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4609 octets] - [27/07/2014 00:48:44]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4669 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by a on Sun 07/27/2014 at 0:52:38.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4DABDDBA-3607-487A-BF21-92E49C647822}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
~~~ Files
Successfully deleted: [File] "C:\end"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\a\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\a\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\a\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{09A183F0-3A66-4344-B4ED-85722C6111F1}
Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{17C49671-D795-4883-AA65-AD4F28821BFE}
Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{275EDE2D-F86B-43AD-9302-75B72B2A02CA}
Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{3A012331-A6C8-43A4-B9E7-9D5C7A16D5F1}
Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{49D80A72-B5D4-47CC-9F67-396A80DB13EC}
Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{9E680478-E665-41C5-B8F0-8AF3BEB18E91}
Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{9F327ACA-0073-483B-A98B-D32032EC3A2B}
Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{CF99848C-F99F-4AEB-B59D-C9B7B1F9DF5A}
Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{D434EB7D-DCD8-4073-AFCA-E6412C77FB05}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/27/2014 at 0:57:43.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7/27/2014
Scan Time: 12:59:08 AM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.07.27.04
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: a
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 583762
Time Elapsed: 24 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-3935980490-2378437961-526367122-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [f38d8f15ea91fb3b0aeda142887a2bd5],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 1
PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc, , [07791a8ad4a794a23b7d8e3819e9e31d],
Files: 11
PUP.Optional.InstalleRex, C:\$Recycle.Bin\S-1-5-21-3935980490-2378437961-526367122-1059\$R3IRTAX.exe, , [7f01475d562537ff158f2267a061ca36],
PUP.Optional.Softonic.A, C:\Users\a\Downloads\SoftonicDownloader_for_surgeon-simulator-2013.exe, , [6d13cada99e268ce9956d55337cadb25],
PUP.Optional.Softonic.A, C:\Users\a\Downloads\SoftonicDownloader_for_visual-basic (1).exe, , [730debb9611a7bbb9956b27643beb947],
PUP.Optional.Softonic.A, C:\Users\a\Downloads\SoftonicDownloader_for_visual-basic.exe, , [3947c4e02556e05643acc95ff50c41bf],
PUP.Optional.OutBrowse, C:\Users\bLtd\Downloads\setup (1).exe, , [136dddc7136813236ee53f5c8c758977],
PUP.Optional.Softonic.A, C:\Users\bLtd\Downloads\SoftonicDownloader_for_abcaus-excel-accounting-template.exe, , [85fbfea62f4cc274a24d40e8d62b06fa],
PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc\config.dat, , [07791a8ad4a794a23b7d8e3819e9e31d],
PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc\info.dat, , [07791a8ad4a794a23b7d8e3819e9e31d],
PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat, , [07791a8ad4a794a23b7d8e3819e9e31d],
PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc\STTL.DAT, , [07791a8ad4a794a23b7d8e3819e9e31d],
PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc\TTL.DAT, , [07791a8ad4a794a23b7d8e3819e9e31d],
Physical Sectors: 0
(No malicious items detected)
(end)
frankhero
2014-07-27, 10:58
Oops... okay... just ran AdwCleaner again... here's that log... not sure if the order of things was really important... let me know if I have to run the other two again before moving forward.
Thanks,
frank
# AdwCleaner v3.216 - Report created 27/07/2014 at 01:41:10
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : e - e
# Running from : C:\Users\e\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\e\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Folder Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Folder Deleted : C:\Users\R & R MillwrightsLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
[!] Folder Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
[!] Folder Deleted : C:\Users\R & R MillwrightsLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
[!] Folder Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
[!] Folder Deleted : C:\Users\R & R MillwrightsLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\WINDOWS\Tasks\UpdaterEX.job
File Deleted : C:\WINDOWS\System32\Tasks\UpdaterEX
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKLM\Software\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\na5z5xw6.default\prefs.js ]
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
[ File : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
[ File : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\R & R MillwrightsLtd\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
[ File : C:\Users\VIRTUAL\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4773 octets] - [27/07/2014 00:48:44]
AdwCleaner[R1].txt - [4011 octets] - [27/07/2014 01:39:24]
AdwCleaner[S0].txt - [3609 octets] - [27/07/2014 01:41:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3669 octets] ##########
frankhero
2014-07-27, 12:43
you never said what you're experiencing to make you think you're infected,
Ken,
The reason I'm worried is because of the event logs I've been seeing.
RE: the following DNS event log -
I changed my computer name to remove the .LAN suffix.
Haven't tested the results yet.
Warning 7/27/2014 2:36:10 AM DNS Client Events 8016 (1028)
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 7/27/2014 2:36:10 AM
Event ID: 8016
Task Category: (1028)
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: e.LAN
Description:
The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:
Adapter Name : {4684F351-2781-4D68-9DE2-AF7E992AA295}
Host Name : e
Primary Domain Suffix : LAN
DNS server list :
64.59.184.13, 64.59.190.242
Sent update to server : <?>
IP Address(es) :
192.168.0.11
The reason the system could not register these RRs was because the DNS server failed the update request. The most likely cause of this is that the authoritative DNS server required to process this update request has a lock in place on the zone, probably because a zone transfer is in progress.
You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>8016</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1028</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2014-07-27T08:36:10.010047400Z" />
<EventRecordID>65863</EventRecordID>
<Correlation />
<Execution ProcessID="1368" ThreadID="2100" />
<Channel>System</Channel>
<Computer>e.LAN</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="AdapterName">{4684F351-2781-4D68-9DE2-AF7E992AA295}</Data>
<Data Name="HostName">e</Data>
<Data Name="AdapterSuffixName">LAN</Data>
<Data Name="DnsServerList"> 64.59.184.13, 64.59.190.242</Data>
<Data Name="Sent UpdateServer"><?></Data>
<Data Name="Ipaddress">192.168.0.11</Data>
<Data Name="ErrorCode">9002</Data>
</EventData>
</Event>...
AND
Log Name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
Source: Microsoft-Windows-Windows Firewall With Advanced Security
Date: 7/27/2014 2:42:24 AM
Event ID: 2010
Task Category: None
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: e.LAN
Description:
Network profile changed on an interface.
Adapter GUID: {4684F351-2781-4D68-9DE2-AF7E992AA295}
Adapter Name: wireless_0
Old Profile: Public
New Profile: Private
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Windows Firewall With Advanced Security" Guid="{D1BC9AFF-2ABF-4D71-9146-ECB2A986EB85}" />
<EventID>2010</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-07-27T08:42:24.347162500Z" />
<EventRecordID>46444</EventRecordID>
<Correlation />
<Execution ProcessID="1564" ThreadID="6644" />
<Channel>Microsoft-Windows-Windows Firewall With Advanced Security/Firewall</Channel>
<Computer>e.LAN</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="InterfaceGuid">{4684F351-2781-4D68-9DE2-AF7E992AA295}</Data>
<Data Name="InterfaceName">wireless_0</Data>
<Data Name="OldProfile">4</Data>
<Data Name="NewProfile">2</Data>
</EventData>
</Event>
AND re: the above event ID is 2010; also included are 2002, 2011, 2005, 2004, all one after another.
AND
Using netstat I've noticed a persistent route whose network and gateway I don't recognize:
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.11     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0     192.168.0.12     192.168.0.11     26
      192.168.0.0    255.255.255.0         On-link      192.168.0.11    281
     192.168.0.11  255.255.255.255         On-link      192.168.0.11    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.11    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.11    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.11    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0     192.168.0.12       1
===========================================================================
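The table above is route print output, and its Persistent Routes section lists the entries that survive a reboot. As an added example (not from the thread or from any tool used in it), the Python below parses that output, using a sample constructed from Frank's table, and flags a persistent route whose gateway differs from the default gateway or whose destination is the 169.254.0.0/16 link-local range, which is normally reached on-link rather than through a gateway; it only reads text, so it is safe to run over any saved route print output.

```python
"""Triage persistent routes in Windows 'route print' / 'netstat -r' output.

Added example, not part of the original thread. SAMPLE_ROUTE_PRINT is
constructed from the IPv4 table posted in the thread (abridged).
"""
import ipaddress
import re
from typing import Dict, List, Optional

SAMPLE_ROUTE_PRINT = """\
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.11     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0     192.168.0.12     192.168.0.11     26
      192.168.0.0    255.255.255.0         On-link      192.168.0.11    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0     192.168.0.12       1
===========================================================================
"""

# One route row: destination, netmask, gateway (IP or "On-link"),
# optional interface (absent in the Persistent Routes table), metric.
_ROW_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+"
    r"(?:(\d+\.\d+\.\d+\.\d+)\s+)?(\d+)\s*$"
)


def parse_route_print(text: str) -> Dict[str, List[dict]]:
    """Return {'active': [...], 'persistent': [...]} parsed from route print text."""
    routes: Dict[str, List[dict]] = {"active": [], "persistent": []}
    section: Optional[str] = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Active Routes:":
            section = "active"
            continue
        if stripped == "Persistent Routes:":
            section = "persistent"
            continue
        if stripped.startswith("IPv6 Route Table"):
            section = None  # IPv6 rows use a different layout; not handled here
            continue
        m = _ROW_RE.match(line)
        if section is None or m is None:
            continue
        net, mask, gateway, iface, metric = m.groups()
        routes[section].append({
            "network": ipaddress.ip_network(f"{net}/{mask}", strict=False),
            "gateway": gateway,
            "interface": iface,
            "metric": int(metric),
        })
    return routes


def default_gateway(routes: Dict[str, List[dict]]) -> Optional[str]:
    """Gateway of the active 0.0.0.0/0 route, if there is one."""
    for r in routes["active"]:
        if r["network"].prefixlen == 0 and r["gateway"] != "On-link":
            return r["gateway"]
    return None


def triage_persistent_routes(text: str) -> List[dict]:
    """List every persistent route together with the reasons it deserves a look."""
    routes = parse_route_print(text)
    gw_default = default_gateway(routes)
    findings = []
    for r in routes["persistent"]:
        reasons = []
        if gw_default and r["gateway"] != gw_default:
            reasons.append(f"gateway {r['gateway']} is not the default gateway {gw_default}")
        if r["network"].is_link_local:
            reasons.append("destination is the 169.254.0.0/16 link-local range, "
                           "which is normally reached on-link, not through a gateway")
        if r["network"].prefixlen == 0:
            reasons.append("a persistent default route overrides the DHCP-supplied gateway")
        findings.append({"network": str(r["network"]), "gateway": r["gateway"],
                         "metric": r["metric"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_persistent_routes(SAMPLE_ROUTE_PRINT):
        print(f"{f['network']} via {f['gateway']} (metric {f['metric']})")
        for reason in f["reasons"]:
            print("  -", reason)
```

A flagged route is a lead, not a verdict: the next step is to identify which installed software (VPN clients and virtual network adapters are common sources) added it before removing it.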
Morning Frank,
Go ahead and run Malwarebytes and remove that junk and post the log.
Then run FRST again, but this time do not check:
List BCD
Drivers MD5
Shortcut.txt
As far as the network, once you're clean and all looks OK, then if you're still having issues with it I will link you to a good site that deals with networking.
frankhero
2014-07-28, 00:06
Ken,
Here are the logs you requested.
Thanks,
frank
Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64)
Start
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 1
2014-07-19 11:14 - 2014-07-19 11:14 - 00019203 _____ () C:\Users\e\Downloads\[kickass.to]offensive.security.wireless.attacks.wifu.v2.0.torrent
2014-07-24 05:19 - 2013-09-19 07:02 - 00000000 ____D () C:\Users\e\AppData\Roaming\BitTorrent
2014-07-19 11:14 - 2014-07-19 11:14 - 00019203 _____ () C:\Users\e\Downloads\[kickass.to]offensive.security.wireless.attacks.wifu.v2.0.torrent
Hosts:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Then let me know how your system is behaving now
frankhero
2014-07-28, 20:52
ken,
thanks for your patience... so it was my understanding that i wasn't supposed to scan again, right? just hit fix. that's what i did anyway.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by e (ATTENTION: The logged in user is not administrator) on e on 28-07-2014 11:46:30
Running from C:\Users\e\Desktop\Antiattacker
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Akamai Technologies, Inc.) C:\Users\e\AppData\Local\Akamai\netsession_win.exe
(Apache Software Foundation) C:\Webserver\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Akamai Technologies, Inc.) C:\Users\e\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-07-12] (IDT, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\WINDOWS\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-01-17] (Intel(R) Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3935980490-2378437961-526367122-1001\...\Run: [Akamai NetSession Interface] => C:\Users\e\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3935980490-2378437961-526367122-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3935980490-2378437961-526367122-1001\...\MountPoints2: {073f0977-515c-11e2-be71-806e6f6e6963} - "E:\MInst.exe"
HKU\S-1-5-21-3935980490-2378437961-526367122-1001\...\MountPoints2: {11e356cc-9e49-11e3-bed4-84a6c8863282} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3935980490-2378437961-526367122-1001\...\MountPoints2: {e968cacc-821f-11e3-bec4-84a6c8863282} - "F:\AutoLaunch.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\aiStarter.lnk
ShortcutTarget: aiStarter.lnk -> C:\Program Files (x86)\AppInventor\aiStarter.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Webserver\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk.disabled
ShortcutTarget: QuickBooks Update Agent.lnk.disabled -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)
Startup: C:\Users\e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk.disabled
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPCON13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ca.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9FA99D4DF817CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {4DABDDBA-3607-487A-BF21-92E49C647822} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3320218&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP19AC0FCF-EB89-40DE-9886-B7E591B04D49&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - No File
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.59.184.13 64.59.190.242
FireFox:
========
FF ProfilePath: C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\na5z5xw6.default
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\e\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: hp.com/HPDetect - C:\Users\e\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin HKCU: LWAPlugin15.8 - C:\Users\e\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\e\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw
Chrome:
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (Google Wallet) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [581000 2014-04-01] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-07-26] (Intel Corporation)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-03-14] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel(R) Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MerakiPCCAgent; C:\Program Files (x86)\Meraki\PCC Agent 1.0.86\m_agent_service.exe [2721810 2013-06-18] () [File not signed]
R2 metasploitPostgreSQL; C:\metasploit\postgresql\bin\pg_ctl.exe [76800 2014-04-10] (PostgreSQL Global Development Group) [File not signed]
R2 metasploitProSvc; C:\metasploit\ruby\bin\ruby.exe [70239 2014-06-05] (http://www.ruby-lang.org/) [File not signed]
R2 metasploitThin; C:\metasploit\ruby\bin\ruby.exe [70239 2014-06-05] (http://www.ruby-lang.org/) [File not signed]
R2 metasploitWorker; C:\metasploit\ruby\bin\ruby.exe [70239 2014-06-05] (http://www.ruby-lang.org/) [File not signed]
R2 mitsijm2015; C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [968480 2013-10-11] (Autodesk, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2011-11-28] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2014-03-06] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-13] (Advanced Micro Devices, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1362232 2013-02-14] (Motorola Solutions, Inc.)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R1 mirrorv3; C:\Windows\system32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-02-24] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2013-07-28] (CACE Technologies, Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-26] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 ATP; \SystemRoot\system32\DRIVERS\cmdatp.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
U3 aswMBR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-28 00:40 - 2014-07-28 00:40 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-28 00:32 - 2014-07-28 00:34 - 00000000 ____D () C:\Program Files\iTunes
2014-07-28 00:32 - 2014-07-28 00:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-28 00:32 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files\iPod
2014-07-28 00:32 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-27 01:43 - 2014-07-27 17:06 - 00005922 _____ () C:\WINDOWS\PFRO.log
2014-07-27 01:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-27 00:52 - 2014-07-27 00:52 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-27 00:03 - 2014-07-27 01:41 - 00000000 ____D () C:\AdwCleaner
2014-07-26 23:46 - 2014-07-28 00:19 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 23:45 - 2014-07-26 23:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-26 23:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-26 23:45 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-26 23:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-26 08:49 - 2014-07-26 08:50 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-26 01:24 - 2014-07-26 01:26 - 00000000 ____D () C:\Users\frank
2014-07-25 10:12 - 2014-07-25 10:55 - 00000610 _____ () C:\procs.html
2014-07-25 10:07 - 2014-07-25 10:08 - 19049228 _____ () C:\baseline.xml
2014-07-25 02:12 - 2014-07-25 07:01 - 00000794 _____ () C:\WINDOWS\setupact.log
2014-07-25 02:12 - 2014-07-25 02:12 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-24 21:38 - 2014-07-28 11:46 - 00000000 ____D () C:\FRST
2014-07-24 19:45 - 2014-07-24 19:45 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-e-Microsoft-Windows-8.1-(64-bit).dat
2014-07-24 19:44 - 2014-07-24 19:44 - 00000000 ____D () C:\RegBackup
2014-07-24 19:43 - 2014-07-24 19:43 - 00000000 ____D () C:\Tweaking.com
2014-07-24 19:43 - 2014-07-24 19:43 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-24 15:42 - 2014-07-28 11:15 - 01415054 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-23 13:11 - 2014-07-23 13:11 - 00000000 ____D () C:\Android
2014-07-23 12:46 - 2014-07-23 12:52 - 00000000 ____D () C:\AndroidSDK
2014-07-23 12:42 - 2014-07-23 12:42 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-07-22 16:10 - 2014-07-09 22:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-22 16:10 - 2014-07-09 22:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-22 16:10 - 2014-07-09 21:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-21 05:25 - 2014-07-21 05:34 - 00000000 ____D () C:\WINDOWS\pss
2014-07-19 05:02 - 2014-07-19 05:24 - 00000000 ____D () C:\Users\TEMP
2014-07-18 22:05 - 2014-07-18 22:16 - 00000000 ____D () C:\metasploit
2014-07-17 01:44 - 2014-07-17 01:44 - 00030046 _____ () C:\results.txt
2014-07-16 16:30 - 2014-07-16 16:47 - 00000000 ____D () C:\cygwin64
2014-07-15 19:42 - 2014-07-15 19:42 - 00000147 _____ () C:\WINDOWS\ODBC.INI
2014-07-15 08:17 - 2014-07-15 08:17 - 00000000 ____D () C:\LocalMachine
2014-07-12 01:17 - 2014-07-12 01:17 - 00000000 ____D () C:\Program Files (x86)\Overlook Fing 2.2
2014-07-11 16:42 - 2014-07-11 16:42 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-07-11 04:20 - 2014-07-11 04:20 - 00049541 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201407110420128603.log
2014-07-11 04:20 - 2014-07-11 04:20 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc
2014-07-11 04:13 - 2014-07-11 04:13 - 00000000 ____D () C:\Intel
2014-07-11 04:09 - 2014-07-11 04:09 - 00227476 _____ () C:\WINDOWS\SysWOW64\dd_vcredist_x86_1_vcRuntimeAdditional_x86.log
2014-07-11 04:09 - 2014-07-11 04:09 - 00146198 _____ () C:\WINDOWS\SysWOW64\dd_vcredist_x86_0_vcRuntimeMinimum_x86.log
2014-07-11 04:07 - 2014-07-11 04:07 - 00000000 ____D () C:\AMD
2014-07-11 04:03 - 2014-05-03 05:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-07-11 04:03 - 2014-05-03 03:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-07-11 04:03 - 2014-05-02 21:30 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-07-11 04:03 - 2014-05-02 21:27 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-07-11 04:03 - 2014-04-30 23:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-07-11 04:03 - 2014-04-29 22:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-07-11 04:03 - 2014-04-29 21:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-07-11 04:03 - 2014-04-28 16:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-07-11 04:03 - 2014-04-26 16:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-07-11 04:03 - 2014-04-26 14:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-07-11 04:03 - 2014-04-14 03:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-07-11 04:03 - 2014-04-14 02:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-07-11 04:02 - 2014-06-05 08:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-11 04:02 - 2014-06-05 07:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-11 04:02 - 2014-06-01 20:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-11 04:02 - 2014-05-31 04:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-11 04:02 - 2014-05-31 04:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-11 04:02 - 2014-05-31 04:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-11 04:02 - 2014-05-31 04:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-11 04:02 - 2014-05-31 04:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-11 04:02 - 2014-05-31 00:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-11 04:02 - 2014-05-31 00:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-07-11 04:02 - 2014-05-31 00:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-11 04:02 - 2014-05-31 00:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-11 04:02 - 2014-05-30 22:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-11 04:02 - 2014-05-30 22:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-11 04:02 - 2014-05-30 22:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-11 04:02 - 2014-05-27 09:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-11 04:02 - 2014-05-27 03:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-11 04:02 - 2014-05-27 03:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-11 04:02 - 2014-05-16 22:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-11 04:02 - 2014-05-16 22:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 04:02 - 2014-05-13 01:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-07-11 04:02 - 2014-05-12 23:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-07-11 04:02 - 2014-05-12 22:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-07-11 04:02 - 2014-05-12 22:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-07-11 04:02 - 2014-05-12 21:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-07-11 04:02 - 2014-05-12 21:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-07-11 04:02 - 2014-05-02 23:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-07-11 04:02 - 2014-05-02 23:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-07-11 04:02 - 2014-05-02 23:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-07-11 04:02 - 2014-05-02 23:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-07-11 04:02 - 2014-05-02 22:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-07-11 04:02 - 2014-05-02 22:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-07-11 04:02 - 2014-05-02 22:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-07-11 04:02 - 2014-05-02 17:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-07-11 04:02 - 2014-04-30 00:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-07-11 04:02 - 2014-04-30 00:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-07-11 04:02 - 2014-04-30 00:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-07-11 04:02 - 2014-04-30 00:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-07-11 04:02 - 2014-04-29 23:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-07-11 04:02 - 2014-04-29 22:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-07-11 04:02 - 2014-04-29 22:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-07-11 04:02 - 2014-04-29 22:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-07-11 04:02 - 2014-04-29 22:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-07-11 04:02 - 2014-04-29 22:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-07-11 04:02 - 2014-04-29 21:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-07-11 04:02 - 2014-04-29 21:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-07-11 04:02 - 2014-04-29 21:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-07-11 04:02 - 2014-04-29 21:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-07-11 04:02 - 2014-04-29 21:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-07-11 04:02 - 2014-04-26 10:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-07-11 04:02 - 2014-04-13 23:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-07-11 04:02 - 2014-04-09 00:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-07-11 04:02 - 2014-04-08 23:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-07-10 05:44 - 2014-07-18 22:07 - 00000000 ____D () C:\Program Files\WinPcap
2014-07-09 23:34 - 2014-07-09 23:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-09 16:42 - 2014-07-09 16:42 - 00000000 ____D () C:\muttildae hacker
2014-07-09 12:33 - 2014-04-13 21:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 03:00 - 2014-07-09 03:00 - 00000000 ____D () C:\sql
2014-07-09 02:55 - 2014-06-18 19:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 02:55 - 2014-06-18 18:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 02:55 - 2014-06-18 18:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 02:55 - 2014-06-18 18:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 02:55 - 2014-06-18 17:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 02:55 - 2014-06-18 17:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 02:55 - 2014-06-18 17:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 02:55 - 2014-06-18 17:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 02:55 - 2014-06-18 17:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 02:55 - 2014-06-18 17:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 02:55 - 2014-06-18 17:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 02:55 - 2014-06-18 17:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 02:55 - 2014-06-18 17:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 02:55 - 2014-06-18 16:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 02:55 - 2014-06-18 16:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 02:55 - 2014-06-18 16:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 02:55 - 2014-06-18 16:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 02:55 - 2014-06-18 16:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 02:55 - 2014-06-18 16:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 02:55 - 2014-06-18 16:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 02:55 - 2014-06-18 16:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 02:55 - 2014-06-18 16:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 02:55 - 2014-06-18 16:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 02:55 - 2014-06-18 16:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 02:55 - 2014-06-18 16:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 02:55 - 2014-06-18 16:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 02:55 - 2014-06-18 16:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 02:55 - 2014-06-16 16:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 02:55 - 2014-06-16 16:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 02:55 - 2014-06-06 08:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 02:55 - 2014-06-06 07:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 02:55 - 2014-06-06 06:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 02:55 - 2014-05-29 21:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 02:55 - 2014-05-29 06:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 02:55 - 2014-05-29 01:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 02:55 - 2014-05-29 00:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 02:55 - 2014-05-29 00:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 02:55 - 2014-05-28 23:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 02:55 - 2014-05-28 23:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 02:54 - 2014-05-31 04:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 02:54 - 2014-05-31 04:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 02:54 - 2014-05-30 21:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 02:54 - 2014-05-30 21:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 02:54 - 2014-05-30 21:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 02:54 - 2014-05-30 21:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 02:54 - 2014-05-30 21:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 02:54 - 2014-05-30 21:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 02:54 - 2014-05-30 20:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 02:54 - 2014-05-30 20:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 02:54 - 2014-05-30 20:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 02:54 - 2014-05-30 20:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 02:54 - 2014-05-30 20:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 02:54 - 2014-05-30 20:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 02:54 - 2014-05-30 20:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 02:49 - 2014-07-09 02:49 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 16:03 - 2014-07-08 16:03 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-07-08 16:03 - 2012-04-09 16:27 - 00352144 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs3.sys
2014-07-08 16:03 - 2012-04-09 16:27 - 00223760 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\CbFsNetRdr3.dll
2014-07-08 16:03 - 2012-04-09 16:27 - 00190480 _____ (EldoS Corporation) C:\WINDOWS\system32\CbFsMntNtf3.dll
2014-07-08 16:03 - 2012-04-09 16:27 - 00158224 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\CbFsMntNtf3.dll
2014-07-08 16:03 - 2012-04-09 16:27 - 00141328 _____ (EldoS Corporation) C:\WINDOWS\system32\CbFsNetRdr3.dll
2014-07-06 20:52 - 2014-07-06 20:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-05 17:43 - 2014-07-05 20:47 - 00000000 ____D () C:\mssqlscan
2014-07-05 17:06 - 2014-07-05 17:06 - 00000000 ____D () C:\ncat
2014-07-05 17:02 - 2014-07-05 17:04 - 00000000 ____D () C:\Program Files\Wireshark
2014-07-05 11:10 - 2014-07-05 11:10 - 00868373 _____ () C:\WINDOWS\system32\wfpdiag.cab
2014-07-05 08:10 - 2014-07-05 08:11 - 00000000 ____D () C:\Ruby193
2014-07-05 07:38 - 2014-07-05 07:38 - 00000000 ____D () C:\~
2014-07-04 22:16 - 2014-07-04 22:19 - 00000000 ____D () C:\PortQryUI
2014-07-04 22:08 - 2014-07-11 05:52 - 00000000 ____D () C:\WINDOWS\SysWOW64\rserver30
2014-06-29 08:01 - 2014-06-29 08:46 - 00000000 ____D () C:\Webserver
2014-06-28 20:40 - 2014-06-28 20:40 - 00000000 ____D () C:\Program Files (x86)\AppInventor
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-28 11:46 - 2014-07-24 21:38 - 00000000 ____D () C:\FRST
2014-07-28 11:15 - 2014-07-24 15:42 - 01415054 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-28 11:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-28 00:40 - 2014-07-28 00:40 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-28 00:34 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files\iTunes
2014-07-28 00:34 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-28 00:32 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files\iPod
2014-07-28 00:32 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-28 00:30 - 2013-08-03 00:36 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-28 00:19 - 2014-07-26 23:46 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 22:34 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-27 22:22 - 2014-01-16 21:09 - 00000000 ____D () C:\Users\Administrator
2014-07-27 17:53 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-27 17:52 - 2013-08-22 07:25 - 04456448 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-27 17:06 - 2014-07-27 01:43 - 00005922 _____ () C:\WINDOWS\PFRO.log
2014-07-27 16:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-27 10:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\System
2014-07-27 01:44 - 2013-09-15 07:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-27 01:44 - 2013-07-27 00:16 - 00000366 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFore.job
2014-07-27 01:44 - 2013-07-04 23:52 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-27 01:44 - 2013-07-04 23:52 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-27 01:43 - 2013-08-30 19:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 01:43 - 2013-08-30 19:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 01:43 - 2013-08-22 08:44 - 00698712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-27 01:41 - 2014-07-27 00:03 - 00000000 ____D () C:\AdwCleaner
2014-07-27 00:52 - 2014-07-27 00:52 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-27 00:39 - 2014-06-15 12:04 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-07-26 23:45 - 2014-07-26 23:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-26 08:50 - 2014-07-26 08:49 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-26 01:26 - 2014-07-26 01:24 - 00000000 ____D () C:\Users\frank
2014-07-25 10:55 - 2014-07-25 10:12 - 00000610 _____ () C:\procs.html
2014-07-25 10:08 - 2014-07-25 10:07 - 19049228 _____ () C:\baseline.xml
2014-07-25 07:04 - 2013-11-14 01:28 - 00960608 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-25 07:01 - 2014-07-25 02:12 - 00000794 _____ () C:\WINDOWS\setupact.log
2014-07-25 03:56 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-25 02:12 - 2014-07-25 02:12 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-24 19:45 - 2014-07-24 19:45 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-e-Microsoft-Windows-8.1-(64-bit).dat
2014-07-24 19:44 - 2014-07-24 19:44 - 00000000 ____D () C:\RegBackup
2014-07-24 19:43 - 2014-07-24 19:43 - 00000000 ____D () C:\Tweaking.com
2014-07-24 19:43 - 2014-07-24 19:43 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-24 19:36 - 2013-10-16 14:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-24 05:18 - 2014-04-07 15:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-23 20:24 - 2014-01-16 21:09 - 00000000 ____D () C:\Users\e
2014-07-23 13:11 - 2014-07-23 13:11 - 00000000 ____D () C:\Android
2014-07-23 12:52 - 2014-07-23 12:46 - 00000000 ____D () C:\AndroidSDK
2014-07-23 12:42 - 2014-07-23 12:42 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-07-22 19:36 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-21 05:34 - 2014-07-21 05:25 - 00000000 ____D () C:\WINDOWS\pss
2014-07-19 05:24 - 2014-07-19 05:02 - 00000000 ____D () C:\Users\TEMP
2014-07-18 22:16 - 2014-07-18 22:05 - 00000000 ____D () C:\metasploit
2014-07-18 22:07 - 2014-07-10 05:44 - 00000000 ____D () C:\Program Files\WinPcap
2014-07-18 10:47 - 2013-08-22 05:31 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\TFTP.EXE
2014-07-18 05:48 - 2013-07-12 00:33 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-07-17 04:25 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-07-17 01:44 - 2014-07-17 01:44 - 00030046 _____ () C:\results.txt
2014-07-16 16:47 - 2014-07-16 16:30 - 00000000 ____D () C:\cygwin64
2014-07-15 19:42 - 2014-07-15 19:42 - 00000147 _____ () C:\WINDOWS\ODBC.INI
2014-07-15 18:48 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-15 08:17 - 2014-07-15 08:17 - 00000000 ____D () C:\LocalMachine
2014-07-12 01:17 - 2014-07-12 01:17 - 00000000 ____D () C:\Program Files (x86)\Overlook Fing 2.2
2014-07-11 16:42 - 2014-07-11 16:42 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-07-11 15:36 - 2014-01-16 21:09 - 00000000 ____D () C:\Users\e
2014-07-11 14:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-07-11 14:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-07-11 14:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-07-11 05:54 - 2014-01-24 13:00 - 00000000 ____D () C:\Program Files (x86)\MultiBit-0.5.16
2014-07-11 05:52 - 2014-07-04 22:08 - 00000000 ____D () C:\WINDOWS\SysWOW64\rserver30
2014-07-11 04:20 - 2014-07-11 04:20 - 00049541 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201407110420128603.log
2014-07-11 04:20 - 2014-07-11 04:20 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc
2014-07-11 04:19 - 2012-12-28 18:13 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-07-11 04:19 - 2012-09-11 22:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-11 04:13 - 2014-07-11 04:13 - 00000000 ____D () C:\Intel
2014-07-11 04:09 - 2014-07-11 04:09 - 00227476 _____ () C:\WINDOWS\SysWOW64\dd_vcredist_x86_1_vcRuntimeAdditional_x86.log
2014-07-11 04:09 - 2014-07-11 04:09 - 00146198 _____ () C:\WINDOWS\SysWOW64\dd_vcredist_x86_0_vcRuntimeMinimum_x86.log
2014-07-11 04:07 - 2014-07-11 04:07 - 00000000 ____D () C:\AMD
2014-07-11 04:02 - 2014-04-23 21:46 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-07-11 04:00 - 2014-06-10 23:11 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-09 23:34 - 2014-07-09 23:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-09 22:16 - 2014-07-22 16:10 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-09 22:03 - 2014-07-22 16:10 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-09 21:33 - 2014-07-22 16:10 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-09 16:42 - 2014-07-09 16:42 - 00000000 ____D () C:\muttildae hacker
2014-07-09 14:39 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-09 14:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-09 12:38 - 2013-08-04 11:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 12:35 - 2013-07-04 23:49 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 12:32 - 2013-11-14 01:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:00 - 2014-07-09 03:00 - 00000000 ____D () C:\sql
2014-07-09 02:49 - 2014-07-09 02:49 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 16:03 - 2014-07-08 16:03 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-07-08 15:42 - 2014-04-24 22:48 - 00000000 ____D () C:\Temp
2014-07-08 14:53 - 2014-03-02 15:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-06 20:52 - 2014-07-06 20:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-05 20:47 - 2014-07-05 17:43 - 00000000 ____D () C:\mssqlscan
2014-07-05 17:15 - 2014-01-17 00:48 - 00000000 ____D () C:\OEAT
2014-07-05 17:06 - 2014-07-05 17:06 - 00000000 ____D () C:\ncat
2014-07-05 17:04 - 2014-07-05 17:02 - 00000000 ____D () C:\Program Files\Wireshark
2014-07-05 12:41 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-05 11:10 - 2014-07-05 11:10 - 00868373 _____ () C:\WINDOWS\system32\wfpdiag.cab
2014-07-05 08:11 - 2014-07-05 08:10 - 00000000 ____D () C:\Ruby193
2014-07-05 07:38 - 2014-07-05 07:38 - 00000000 ____D () C:\~
2014-07-04 22:19 - 2014-07-04 22:16 - 00000000 ____D () C:\PortQryUI
2014-06-29 08:46 - 2014-06-29 08:01 - 00000000 ____D () C:\Webserver
2014-06-28 20:40 - 2014-06-28 20:40 - 00000000 ____D () C:\Program Files (x86)\AppInventor
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
There should have been a Fixlog.txt log on your desktop, but that's ok, I can see what it removed.
2014-07-05 07:38 - 2014-07-05 07:38 - 00000000 ____D () C:\~ <-- What's in this folder?
frankhero
2014-07-30, 14:32
That's an .ssh key, one I made using Cygwin. It's my GitHub repository key, my copy. So is that for the malware end of it? I've noticed a few more issues on my end... not saying it's malware... but could use some guidance as to who to go ask. First the networking issue... and to expand on it, I called up my ARP tables and the list is filled with IP addresses all linked back to one MAC address, it being 00:0D:29:ED:28:5B. Don't know if it's always like that but I just noticed it now... I did a netsh arp flush and still nothing changed... there are 16 entries on the table and they all return that MAC address... Also "SYSTEMINFO" at cmd returns an error "invalid class". After browsing around this has led me to believe that I may have some corrupt WMI files... I was going to download a fix from Microsoft, but I've only just noticed that none of their pages are https, nor are they verified... I'll try again later using IE since I was using Chrome, which may be the issue. Any suggestions are welcome... thanks for all you've done so far! :)
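An added example for the ARP observation above; it is not part of either poster's message. The script parses Windows `arp -a` output and lists MAC addresses that answer for more than one IP on an interface, and separately the hosts that share the gateway's MAC. That is the picture an ARP-poisoning man-in-the-middle produces, but it is also what a router doing proxy ARP, or a virtual adapter for a VPN or hypervisor, produces, so a hit is a reason to investigate, not a verdict. The sample table is constructed: the MAC is the one quoted in the post, the IP addresses and the gateway (assumed here to be 192.168.1.1) are invented.

```python
"""Flag MAC addresses that answer for more than one IP in a Windows ARP cache.

Added example for the thread, not code from either poster. The sample table
below is constructed: the MAC is the one quoted in the post, the IP addresses
and the gateway are invented.
"""
import ipaddress
import re
import sys
from collections import defaultdict
from typing import NamedTuple

# Constructed `arp -a` output in the Windows format (interface header, then
# "Internet Address / Physical Address / Type" rows).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.23 --- 0xc
  Internet Address      Physical Address      Type
  192.168.1.1           00-0d-29-ed-28-5b     dynamic
  192.168.1.10          00-0d-29-ed-28-5b     dynamic
  192.168.1.11          00-0d-29-ed-28-5b     dynamic
  192.168.1.12          00-0d-29-ed-28-5b     dynamic
  192.168.1.50          3c-a9-f4-12-34-56     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

ASSUMED_GATEWAY = "192.168.1.1"  # assumption for the sample, not from the post


class ArpEntry(NamedTuple):
    interface: str  # address of the local interface that owns this cache
    ip: str
    mac: str        # normalised to lower-case, dash-separated
    kind: str       # "dynamic" or "static"


_IFACE_RE = re.compile(r"^Interface:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+---\s+0x[0-9a-fA-F]+")
_ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"              # IP address
    r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+"  # MAC, dash or colon separated
    r"(dynamic|static)\s*$"
)


def parse_arp_table(text: str) -> list[ArpEntry]:
    """Parse `arp -a` text into entries, tracking which interface each belongs to."""
    entries: list[ArpEntry] = []
    iface = "?"
    for line in text.splitlines():
        m = _IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = _ENTRY_RE.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries.append(ArpEntry(iface, ip, mac.lower().replace(":", "-"), kind))
    return entries


def is_protocol_fixed(entry: ArpEntry) -> bool:
    """Broadcast and multicast rows are derived from the IP by the protocol itself,
    so they always repeat a MAC and are never evidence of spoofing."""
    addr = ipaddress.ip_address(entry.ip)
    return (addr.is_multicast or entry.ip == "255.255.255.255"
            or entry.mac == "ff-ff-ff-ff-ff-ff")


def shared_macs(entries: list[ArpEntry], min_ips: int = 2) -> dict[tuple[str, str], list[str]]:
    """Group unicast entries by (interface, MAC) and keep MACs that answer for
    at least `min_ips` different IPs."""
    by_mac: dict[tuple[str, str], list[str]] = defaultdict(list)
    for e in entries:
        if not is_protocol_fixed(e):
            by_mac[(e.interface, e.mac)].append(e.ip)
    return {key: ips for key, ips in by_mac.items() if len(ips) >= min_ips}


def gateway_conflicts(entries: list[ArpEntry], gateway_ip: str) -> list[str]:
    """Non-gateway IPs whose MAC equals the gateway's on the same interface.
    A non-empty list is the classic ARP-poisoning picture (frames for those hosts
    go to whoever owns that MAC), but a router doing proxy ARP looks identical."""
    gw = next((e for e in entries if e.ip == gateway_ip), None)
    if gw is None:
        return []
    return sorted(e.ip for e in entries
                  if e.interface == gw.interface and e.mac == gw.mac
                  and e.ip != gateway_ip and not is_protocol_fixed(e))


if __name__ == "__main__":
    # Pipe the real table in (`arp -a | python arpcheck.py`) or use the sample.
    text = SAMPLE_ARP_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    table = parse_arp_table(text)
    for (iface, mac), ips in shared_macs(table).items():
        print(f"{iface}: {mac} answers for {len(ips)} IPs: {', '.join(ips)}")
    hijacked = gateway_conflicts(table, ASSUMED_GATEWAY)
    if hijacked:
        print(f"hosts sharing the gateway MAC: {', '.join(hijacked)}")
```

To tell the two explanations apart, compare the flagged MAC with the one printed on the router's own admin page or label, and capture on the interface with Wireshark (which the FRST log shows is already installed on this machine) using the display filter `arp.opcode == 2`: the station that keeps sending replies for addresses it does not own is the one to look at.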
Frank, my pleasure helping you. Your logs appear to be clean.
As far as the network, a lot of us forums work together. I would like you to post at Whatthetech's Networking forum, as they're more into networks and their inner functions than I am; what I do is mostly Malware Removal.
First go here and register, like Safer it's free:
http://forums.whatthetech.com/
Then post here in their Networking forum:
http://forums.whatthetech.com/index.php?showforum=128
They will be more adept at answering any network questions you may have.
Double click on AdwCleaner.exe to run the tool again.
Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
AdwCleaner.exe, its folder and all logs will be removed.
==========================================================
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
Double-click DelFix.exe to run the program.
Place a checkmark next to the following items:
*Activate UAC
*Remove disinfection tools
*Create registry backup
*Reset System Settings
Click the Run button
This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.
==========================================================
How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken