


I used a program called roguekill and don't know if I have messed


  • This topic is locked
27 replies to this topic

#1 Ally

    Authentic Member

  • 200 posts

Posted 20 May 2014 - 08:32 AM

Hi, I am currently running OS Windows Pro 64 and I recently ran a program called roguekiller and it found some registry keys that said they had trojans and then deleted them without coming on here first to check them out (I didn't want to waste any of your time). It has left a couple of quarantine files and notes on my desktop along with my main PC folder which shouldn't be on my desktop.

My PC is currently running fine but I am unsure if it is clean.

I also purchased a software called trojan killer by gridinsoft after reading some good reviews of it and it found some trojans which I deleted.

Could someone help by going over my PC to see if it is clean? I have logs on my desktop which I can post, as I ran roguekiller a couple of times and both times it found trojans, and I am sure that there will be logs somewhere on my PC for trojankiller.

Any help is greatly appreciated.




#2 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 20 May 2014 - 11:36 AM

Hello Ally, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
======================================================
 
Important: I have laid out some "ground rules" I would very much appreciate you follow. Please read through the points below, to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Ensure you are subscribed to this topic to receive instant email notifications of my responses.
    • Scroll to the top of this page and ensure you see the following: [image]
    • If you are not set to follow this topic, click the Follow this topic button and follow the prompts.
  • Please attempt to backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 
Please be advised that I am currently in training. My responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. I will return as soon as possible.



 

Would you like to help others with malware removal? Join our Classroom and learn how!


#3 Ally

    Authentic Member

  • 200 posts

Posted 20 May 2014 - 12:06 PM

Hi Adam,

My name is Ally.

I will not use any other tools or download anything etc. while you are helping me.

I have some folders on my C drive which I am unsure of?

I have nothing of importance to back up other than my music, which I will do now.

Many thanks for helping me out!



#4 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 20 May 2014 - 12:57 PM

Hello Ally, 
 
Please copy and paste the contents of RKreport.txt (and any additional RogueKiller logs) in your next reply. 
 

"I also purchased a software called trojan killer by gridinsoft"

Trojan Killer appears to be a legitimate programme. However, purchasing software to remove malware is unnecessary. 
 
Please attempt to locate the log generated by Trojan Killer. You may find the log in one of the following locations:

  • C:\Program Files\GridinSoft Trojan Killer
  • C:\Program Files (x86)\GridinSoft Trojan Killer
     

"I have some folders on my C drive which I am unsure of?"

Not to worry, we will ascertain the exact nature of these folders in due course. 
 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your desktop.
  • Note: Run the version compatible with your system. Run both if you do not know your system's bit-type. One will run.  
  • Windows XP: Double-click FRST.exe / FRST64.exe to run the programme.
  • Windows 8/7/Vista: Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • RogueKiller log(s) + TrojanKiller log



#5 Ally

    Authentic Member

  • 200 posts

Posted 20 May 2014 - 01:25 PM

Hi Adam, I couldn't find any trojankiller logs (I may have deleted them?)

I have a few roguekiller logs including a quarantine folder.

I will post all of my roguekiller texts 1st in order:

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Allybongo [Admin rights]
Mode : Remove -- Date : 05/18/2014 19:45:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9250410AS ATA Device +++++
--- User ---
[MBR] 2fec537d9badfc5c37aed2d98746a956
[BSP] 79cc046b877794182fdf9310705a7f20 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_05182014_194521.txt >>
RKreport[0]_S_05182014_194415.txt


RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Allybongo [Admin rights]
Mode : Remove -- Date : 05/18/2014 19:48:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9250410AS ATA Device +++++
--- User ---
[MBR] 2fec537d9badfc5c37aed2d98746a956
[BSP] 79cc046b877794182fdf9310705a7f20 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_05182014_194816.txt >>
RKreport[0]_D_05182014_194521.txt;RKreport[0]_S_05182014_194415.txt;RKreport[0]_S_05182014_194713.txt



RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Allybongo [Admin rights]
Mode : Scan -- Date : 05/18/2014 19:44:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9250410AS ATA Device +++++
--- User ---
[MBR] 2fec537d9badfc5c37aed2d98746a956
[BSP] 79cc046b877794182fdf9310705a7f20 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05182014_194415.txt >>



RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Allybongo [Admin rights]
Mode : Scan -- Date : 05/18/2014 19:47:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9250410AS ATA Device +++++
--- User ---
[MBR] 2fec537d9badfc5c37aed2d98746a956
[BSP] 79cc046b877794182fdf9310705a7f20 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05182014_194713.txt >>

 

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Allybongo [Admin rights]
Mode : Scan -- Date : 05/18/2014 19:47:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9250410AS ATA Device +++++
--- User ---
[MBR] 2fec537d9badfc5c37aed2d98746a956
[BSP] 79cc046b877794182fdf9310705a7f20 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05182014_194713.txt >>
RKreport[0]_D_05182014_194521.txt;RKreport[0]_S_05182014_194415.txt

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Allybongo [Admin rights]
Mode : Scan -- Date : 05/19/2014 16:08:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9250410AS ATA Device +++++
--- User ---
[MBR] 2fec537d9badfc5c37aed2d98746a956
[BSP] 79cc046b877794182fdf9310705a7f20 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05192014_160851.txt >>




RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Allybongo [Admin rights]
Mode : Remove -- Date : 05/19/2014 16:09:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9250410AS ATA Device +++++
--- User ---
[MBR] 2fec537d9badfc5c37aed2d98746a956
[BSP] 79cc046b877794182fdf9310705a7f20 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_05192014_160900.txt >>





 


RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Allybongo [Admin rights]
Mode : Remove -- Date : 05/19/2014 16:09:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9250410AS ATA Device +++++
--- User ---
[MBR] 2fec537d9badfc5c37aed2d98746a956
[BSP] 79cc046b877794182fdf9310705a7f20 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_05192014_160900.txt >>
RKreport[0]_S_05192014_160851.txt
 

 

 

 

I hope I have posted these in the correct order... Will I post the quarantine folder?







 



#6 Ally

    Authentic Member

  • 200 posts

Posted 20 May 2014 - 01:38 PM

I apologise for multiple posts.

 

Here are my Farbar results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Allybongo (administrator) on ALLYBONGO-PC on 20-05-2014 20:30:25
Running from C:\Users\Allybongo\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
() C:\Program Files (x86)\DFX\DFX.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
() C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-18] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-01-21] (BlackBerry Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\...\Run: [DellSystemDetect] => C:\Users\Allybongo\AppData\Local\Apps\2.0\3EVK4VVL.N0X\H95517QZ.9EC\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?o...U219DHP&pc=U219
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8CAD7E7B15C0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENGB/MSN_WCP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default
FF Homepage: uk.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.4.1-next - C:\Users\Allybongo\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\searchplugins\google-vanilla.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\Extensions\ascsurfingprotection@iobit.com [2014-05-13]
FF Extension: Adblock Plus - C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-05-13]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Allybongo\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Allybongo\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-05-17]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-24] (Kaspersky Lab ZAO)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2014-02-02] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-18] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 ipMIDI; C:\Windows\System32\drivers\ipmidi.sys [23040 2013-01-31] (nerds.de)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-24] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-14] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-14] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-01-24] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-14] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-01-24] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-24] (Kaspersky Lab ZAO)
S3 L6TPortGX; C:\Windows\System32\Drivers\L6TPortGX64.sys [772864 2013-07-11] (Line 6)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 ofvpmj; No ImagePath
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [104448 2012-05-10] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
S0 tljkva; No ImagePath
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-05-16] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\PROGRAM FILES (X86)\RUN\cleanhlp64.sys [X]
S3 cpuz136; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-20 20:30 - 2014-05-20 20:30 - 00016739 _____ () C:\Users\Allybongo\Desktop\FRST.txt
2014-05-20 20:29 - 2014-05-20 20:30 - 00000000 ____D () C:\FRST
2014-05-20 20:28 - 2014-05-20 20:28 - 02067456 _____ (Farbar) C:\Users\Allybongo\Desktop\FRST64.exe
2014-05-19 16:09 - 2014-05-19 16:09 - 00002127 _____ () C:\Users\Allybongo\Desktop\RKreport[0]_D_05192014_160900.txt
2014-05-19 16:08 - 2014-05-19 16:08 - 00002078 _____ () C:\Users\Allybongo\Desktop\RKreport[0]_S_05192014_160851.txt
2014-05-19 16:06 - 2014-05-19 16:09 - 00000000 ____D () C:\Users\Allybongo\Desktop\RK_Quarantine
2014-05-18 22:26 - 2014-05-18 22:26 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-18 20:11 - 2014-05-18 20:11 - 00000000 ____D () C:\Users\Allybongo\Desktop\rkilller
2014-05-18 17:55 - 2014-04-28 22:25 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140518-175504.backup
2014-05-18 17:51 - 2014-05-18 22:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-17 22:21 - 2014-05-17 22:21 - 00003164 _____ () C:\Windows\System32\Tasks\JetBoost_AutoUpdate
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBoost
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\ProgramData\BlueSprig
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\Program Files (x86)\BlueSprig
2014-05-17 21:21 - 2014-05-17 21:21 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\MPlayer
2014-05-17 21:19 - 2014-05-17 21:19 - 00000000 ____D () C:\MININT
2014-05-17 21:18 - 2014-05-17 22:05 - 00000000 ____D () C:\Users\Allybongo\.umplayer
2014-05-17 21:18 - 2014-05-17 21:19 - 00000000 ____D () C:\Program Files (x86)\UMPlayer
2014-05-17 21:18 - 2014-05-17 21:18 - 00001011 _____ () C:\Users\Public\Desktop\UMPlayer.lnk
2014-05-17 21:18 - 2014-05-17 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UMPlayer
2014-05-17 18:52 - 2014-05-17 18:52 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\PCDr
2014-05-17 18:21 - 2014-05-17 19:04 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\.ACEStream
2014-05-17 18:20 - 2014-05-17 18:22 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\ACEStream
2014-05-17 18:20 - 2014-05-17 18:20 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2014-05-17 18:13 - 2014-05-17 18:44 - 00000000 ___HD () C:\_acestream_cache_
2014-05-17 10:33 - 2011-01-25 01:57 - 11941376 _____ (IDT, Inc.) C:\Windows\system32\idtsg64.cpl
2014-05-17 10:33 - 2011-01-25 01:57 - 04637184 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2014-05-17 10:33 - 2010-01-27 02:30 - 00162816 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll
2014-05-17 10:33 - 2009-10-10 00:45 - 00442368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll
2014-05-17 10:33 - 2009-03-03 01:58 - 00068608 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll
2014-05-17 10:32 - 2014-05-17 10:34 - 00000000 ____D () C:\Program Files\IDT
2014-05-17 10:32 - 2011-01-25 01:57 - 01499136 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2014-05-17 10:32 - 2011-01-25 01:57 - 00651776 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2014-05-17 10:32 - 2011-01-25 01:57 - 00520192 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2014-05-17 10:32 - 2011-01-25 01:57 - 00431616 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2014-05-17 10:32 - 2011-01-25 01:57 - 00220160 _____ (IDT, Inc.) C:\Windows\system32\st646324.dll
2014-05-17 02:01 - 2014-05-19 20:49 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-17 02:01 - 2014-05-17 02:01 - 00004000 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-17 02:00 - 2014-05-19 20:49 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-17 02:00 - 2014-05-17 02:00 - 00003212 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Program Files\My Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-17 01:57 - 2014-05-17 01:57 - 00000000 ____D () C:\Program Files\DellTPad
2014-05-17 01:57 - 2013-02-21 14:10 - 00489264 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2014-05-17 01:57 - 2013-02-12 21:31 - 00114520 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2014-05-17 01:55 - 2014-05-17 01:55 - 00000000 ____D () C:\Windows\SysWOW64\SDA
2014-05-17 01:13 - 2014-05-17 01:14 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\vlc
2014-05-16 10:12 - 2014-05-16 10:12 - 00016640 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-05-15 14:51 - 2014-05-20 20:19 - 00364356 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 19:13 - 2014-05-14 19:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 09:11 - 2014-05-14 09:11 - 00000628 __RSH () C:\Users\Allybongo\ntuser.pol
2014-05-14 09:03 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:03 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:03 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:03 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:03 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:03 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:03 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:03 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:03 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:03 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 09:03 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 09:03 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:03 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 09:03 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:03 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:03 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 09:03 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 09:03 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 09:03 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 09:03 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 23:29 - 2014-05-13 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-05-13 23:28 - 2014-05-20 18:50 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-13 23:28 - 2014-05-14 05:43 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-05-13 23:28 - 2014-05-14 05:43 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-05-13 23:28 - 2014-05-13 23:28 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-05-13 23:28 - 2014-05-13 23:28 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-05-13 23:28 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-05-13 23:11 - 2014-05-13 23:11 - 00002862 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Allybongo
2014-05-13 23:10 - 2014-05-13 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-05-13 23:08 - 2014-05-13 23:08 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-05-13 22:27 - 2014-05-13 22:27 - 00001181 _____ () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-05-12 19:56 - 2014-05-12 19:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-09 23:34 - 2014-05-09 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 22:11 - 2014-05-09 22:11 - 00000970 _____ () C:\Users\Allybongo\Desktop\IrfanView.lnk
2014-05-09 20:24 - 2014-05-09 20:24 - 00001887 _____ () C:\Users\Allybongo\Desktop\ImgBurn.lnk
2014-05-09 20:24 - 2014-05-09 20:24 - 00001142 _____ () C:\Users\Allybongo\Desktop\Video Joiner.lnk
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\ProgramData\Auslogics
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-05-06 23:43 - 2014-05-06 23:43 - 00000000 ____D () C:\Users\Allybongo\Doctor Web
2014-05-06 23:20 - 2014-05-06 23:20 - 00000000 ____D () C:\ProgramData\F-Secure
2014-05-05 17:53 - 2014-05-05 18:13 - 00000531 _____ () C:\Windows\cdplayer.ini
2014-05-05 17:53 - 2014-05-05 17:53 - 00001534 _____ () C:\ProgramData\ss.ini
2014-05-05 17:53 - 2014-05-05 17:53 - 00001002 _____ () C:\Users\Allybongo\Desktop\FreeRip.lnk
2014-05-05 17:53 - 2014-05-05 17:53 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-05-05 17:53 - 2014-05-05 17:53 - 00000000 ____D () C:\ProgramData\FreeRIP MP3 Converter
2014-05-05 17:53 - 2014-05-05 17:53 - 00000000 ____D () C:\Program Files (x86)\FreeRIP
2014-05-02 16:50 - 2014-05-09 11:22 - 00000000 ____D () C:\AdwCleaner
2014-05-02 16:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-02 11:26 - 2014-04-29 15:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 11:26 - 2014-04-29 14:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 11:26 - 2014-04-29 13:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-02 11:26 - 2014-04-29 13:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 23:22 - 2014-05-01 23:22 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-01 23:22 - 2014-05-01 23:22 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-29 08:45 - 2014-05-06 00:01 - 00000000 ____D () C:\Users\Allybongo\.smplayer
2014-04-29 08:39 - 2014-04-29 08:39 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\VS Revo Group
2014-04-29 08:39 - 2014-04-29 08:39 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-28 18:24 - 2014-05-20 19:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-28 18:24 - 2014-05-13 20:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 18:24 - 2014-05-13 20:57 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 18:24 - 2014-05-13 20:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 18:21 - 2014-04-28 18:21 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-28 18:21 - 2014-04-28 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-28 18:21 - 2014-04-28 18:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-23 23:20 - 2014-04-23 23:20 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-23 23:20 - 2014-04-23 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 23:20 - 2014-04-23 23:20 - 00000000 ____D () C:\Program Files\Java
2014-04-23 22:35 - 2014-05-16 22:09 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Mp3tag
2014-04-23 22:35 - 2014-04-23 22:35 - 00000983 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-04-23 22:35 - 2014-04-23 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-04-23 19:55 - 2014-05-14 09:09 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-20 20:30 - 2014-05-20 20:30 - 00016739 _____ () C:\Users\Allybongo\Desktop\FRST.txt
2014-05-20 20:30 - 2014-05-20 20:29 - 00000000 ____D () C:\FRST
2014-05-20 20:28 - 2014-05-20 20:28 - 02067456 _____ (Farbar) C:\Users\Allybongo\Desktop\FRST64.exe
2014-05-20 20:19 - 2014-05-15 14:51 - 00364356 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 19:57 - 2014-04-28 18:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-20 19:11 - 2009-07-14 06:13 - 00781970 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 18:50 - 2014-05-13 23:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-20 16:45 - 2013-10-03 12:43 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\PokerStars
2014-05-20 15:25 - 2009-07-14 05:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 15:25 - 2009-07-14 05:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 15:19 - 2013-10-03 21:04 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\uTorrent
2014-05-20 15:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 13:54 - 2013-10-03 12:44 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Vso
2014-05-20 13:54 - 2013-10-03 12:44 - 00000000 ____D () C:\ProgramData\VSO
2014-05-20 13:04 - 2014-02-23 03:08 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\Deployment
2014-05-19 20:49 - 2014-05-17 02:01 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-19 20:49 - 2014-05-17 02:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-19 20:42 - 2013-10-03 13:12 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-19 16:09 - 2014-05-19 16:09 - 00002127 _____ () C:\Users\Allybongo\Desktop\RKreport[0]_D_05192014_160900.txt
2014-05-19 16:09 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\Allybongo\Desktop\RK_Quarantine
2014-05-19 16:08 - 2014-05-19 16:08 - 00002078 _____ () C:\Users\Allybongo\Desktop\RKreport[0]_S_05192014_160851.txt
2014-05-19 16:08 - 2014-02-14 13:38 - 00000000 ___RD () C:\Users\Allybongo\Documents\Antispy
2014-05-19 11:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-05-18 22:26 - 2014-05-18 22:26 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-18 22:26 - 2014-05-18 17:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-18 20:39 - 2014-02-14 13:38 - 00000000 ___RD () C:\Users\Allybongo\Documents\Tools
2014-05-18 20:38 - 2014-02-23 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-05-18 20:11 - 2014-05-18 20:11 - 00000000 ____D () C:\Users\Allybongo\Desktop\rkilller
2014-05-17 23:50 - 2014-03-16 04:15 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Winamp
2014-05-17 22:21 - 2014-05-17 22:21 - 00003164 _____ () C:\Windows\System32\Tasks\JetBoost_AutoUpdate
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBoost
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\ProgramData\BlueSprig
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\Program Files (x86)\BlueSprig
2014-05-17 22:05 - 2014-05-17 21:18 - 00000000 ____D () C:\Users\Allybongo\.umplayer
2014-05-17 21:21 - 2014-05-17 21:21 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\MPlayer
2014-05-17 21:19 - 2014-05-17 21:19 - 00000000 ____D () C:\MININT
2014-05-17 21:19 - 2014-05-17 21:18 - 00000000 ____D () C:\Program Files (x86)\UMPlayer
2014-05-17 21:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-05-17 21:18 - 2014-05-17 21:18 - 00001011 _____ () C:\Users\Public\Desktop\UMPlayer.lnk
2014-05-17 21:18 - 2014-05-17 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UMPlayer
2014-05-17 21:18 - 2013-10-03 08:40 - 00000000 ____D () C:\Users\Allybongo
2014-05-17 19:04 - 2014-05-17 18:21 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\.ACEStream
2014-05-17 18:52 - 2014-05-17 18:52 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\PCDr
2014-05-17 18:44 - 2014-05-17 18:13 - 00000000 ___HD () C:\_acestream_cache_
2014-05-17 18:22 - 2014-05-17 18:20 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\ACEStream
2014-05-17 18:20 - 2014-05-17 18:20 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2014-05-17 16:27 - 2013-10-03 12:47 - 00000000 ___RD () C:\Users\Allybongo\Documents\ConvertXtoDVD
2014-05-17 10:34 - 2014-05-17 10:32 - 00000000 ____D () C:\Program Files\IDT
2014-05-17 10:32 - 2013-10-03 09:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-17 02:01 - 2014-05-17 02:01 - 00004000 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-17 02:00 - 2014-05-17 02:00 - 00003212 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Program Files\My Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-17 01:57 - 2014-05-17 01:57 - 00000000 ____D () C:\Program Files\DellTPad
2014-05-17 01:55 - 2014-05-17 01:55 - 00000000 ____D () C:\Windows\SysWOW64\SDA
2014-05-17 01:53 - 2013-10-03 09:06 - 00014598 _____ () C:\Windows\system32\results.xml
2014-05-17 01:31 - 2013-10-03 13:16 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\Apps\2.0
2014-05-17 01:14 - 2014-05-17 01:13 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\vlc
2014-05-16 22:09 - 2014-04-23 22:35 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Mp3tag
2014-05-16 15:13 - 2014-03-16 05:08 - 00000000 ___RD () C:\Users\Allybongo\Documents\RippedCds
2014-05-16 10:37 - 2013-11-17 17:52 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-16 10:12 - 2014-05-16 10:12 - 00016640 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-05-14 19:13 - 2014-05-14 19:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 19:11 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-14 09:12 - 2013-10-03 08:40 - 00000000 ___RD () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 09:12 - 2013-10-03 08:40 - 00000000 ___RD () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 09:11 - 2014-05-14 09:11 - 00000628 __RSH () C:\Users\Allybongo\ntuser.pol
2014-05-14 09:09 - 2014-04-23 19:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 09:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 09:06 - 2013-10-03 11:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 09:04 - 2013-10-03 11:44 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 05:43 - 2014-05-13 23:28 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-05-14 05:43 - 2014-05-13 23:28 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-05-14 05:43 - 2014-01-24 04:30 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-05-13 23:29 - 2014-05-13 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-05-13 23:28 - 2014-05-13 23:28 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-05-13 23:28 - 2014-05-13 23:28 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-05-13 23:26 - 2014-02-22 15:52 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\IObit
2014-05-13 23:24 - 2014-02-06 16:48 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-13 23:24 - 2014-02-06 16:48 - 00000000 ____D () C:\Users\Guest
2014-05-13 23:24 - 2014-02-01 03:34 - 00000000 ____D () C:\Users\Administrator
2014-05-13 23:11 - 2014-05-13 23:11 - 00002862 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Allybongo
2014-05-13 23:10 - 2014-05-13 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-05-13 23:09 - 2013-10-03 13:37 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-05-13 23:08 - 2014-05-13 23:08 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-05-13 22:27 - 2014-05-13 22:27 - 00001181 _____ () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-13 21:32 - 2013-10-03 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-05-13 21:32 - 2013-10-03 12:43 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-05-13 20:57 - 2014-04-28 18:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 20:57 - 2014-04-28 18:24 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 20:57 - 2014-04-28 18:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 19:56 - 2014-05-12 19:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-11 16:56 - 2014-02-10 01:01 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\Apple Computer
2014-05-10 10:50 - 2014-02-13 22:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 23:34 - 2014-05-09 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 22:34 - 2013-10-03 13:30 - 00000000 ___RD () C:\Users\Allybongo\Documents\My Kindle Content
2014-05-09 22:11 - 2014-05-09 22:11 - 00000970 _____ () C:\Users\Allybongo\Desktop\IrfanView.lnk
2014-05-09 22:09 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-09 20:24 - 2014-05-09 20:24 - 00001887 _____ () C:\Users\Allybongo\Desktop\ImgBurn.lnk
2014-05-09 20:24 - 2014-05-09 20:24 - 00001142 _____ () C:\Users\Allybongo\Desktop\Video Joiner.lnk
2014-05-09 11:22 - 2014-05-02 16:50 - 00000000 ____D () C:\AdwCleaner
2014-05-09 07:14 - 2014-05-14 09:03 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 07:11 - 2014-05-14 09:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\ProgramData\Auslogics
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-05-06 23:43 - 2014-05-06 23:43 - 00000000 ____D () C:\Users\Allybongo\Doctor Web
2014-05-06 23:20 - 2014-05-06 23:20 - 00000000 ____D () C:\ProgramData\F-Secure
2014-05-06 23:16 - 2014-02-02 05:38 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\QuickScan
2014-05-06 23:15 - 2014-03-08 17:00 - 00246965 _____ () C:\Users\Allybongo\AppData\Local\census.cache
2014-05-06 23:15 - 2014-03-08 17:00 - 00098822 _____ () C:\Users\Allybongo\AppData\Local\ars.cache
2014-05-06 17:47 - 2014-02-26 04:13 - 00003850 _____ () C:\Users\Allybongo\AppData\Roaming\Rim.Desktop.Exception.log
2014-05-06 17:47 - 2014-02-26 04:13 - 00003465 _____ () C:\Users\Allybongo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-05-06 00:01 - 2014-04-29 08:45 - 00000000 ____D () C:\Users\Allybongo\.smplayer
2014-05-05 18:19 - 2014-02-03 00:01 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\VirtualStore
2014-05-05 18:13 - 2014-05-05 17:53 - 00000531 _____ () C:\Windows\cdplayer.ini
2014-05-05 17:53 - 2014-05-05 17:53 - 00001534 _____ () C:\ProgramData\ss.ini
2014-05-05 17:53 - 2014-05-05 17:53 - 00001002 _____ () C:\Users\Allybongo\Desktop\FreeRip.lnk
2014-05-05 17:53 - 2014-05-05 17:53 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-05-05 17:53 - 2014-05-05 17:53 - 00000000 ____D () C:\ProgramData\FreeRIP MP3 Converter
2014-05-05 17:53 - 2014-05-05 17:53 - 00000000 ____D () C:\Program Files (x86)\FreeRIP
2014-05-05 16:41 - 2014-02-19 19:41 - 00000000 ____D () C:\DrvInstall
2014-05-02 15:50 - 2014-03-16 05:17 - 00001853 _____ () C:\Users\Public\Desktop\Winamp.lnk
2014-05-02 10:37 - 2013-10-03 09:18 - 00067664 _____ () C:\Users\Allybongo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-02 00:10 - 2009-07-14 05:45 - 04914696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-01 23:22 - 2014-05-01 23:22 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-01 23:22 - 2014-05-01 23:22 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-29 15:01 - 2014-05-02 11:26 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 14:40 - 2014-05-02 11:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 13:48 - 2014-05-02 11:26 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 13:34 - 2014-05-02 11:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 11:19 - 2014-01-15 01:05 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\CrashDumps
2014-04-29 08:39 - 2014-04-29 08:39 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\VS Revo Group
2014-04-29 08:39 - 2014-04-29 08:39 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-28 22:25 - 2014-05-18 17:55 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140518-175504.backup
2014-04-28 22:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-28 18:24 - 2014-02-07 15:46 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\Adobe
2014-04-28 18:21 - 2014-04-28 18:21 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-28 18:21 - 2014-04-28 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-28 18:21 - 2014-04-28 18:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-24 13:09 - 2014-02-13 13:06 - 00000000 ____D () C:\Users\Allybongo\licenses
2014-04-23 23:20 - 2014-04-23 23:20 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-23 23:20 - 2014-04-23 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 23:20 - 2014-04-23 23:20 - 00000000 ____D () C:\Program Files\Java
2014-04-23 22:35 - 2014-04-23 22:35 - 00000983 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-04-23 22:35 - 2014-04-23 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-04-23 22:35 - 2014-02-10 02:28 - 00000000 ____D () C:\Program Files (x86)\Mp3tag

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 09:03] - [2014-03-04 10:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 09:42

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Allybongo at 2014-05-20 20:30:57
Running from C:\Users\Allybongo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Ace Stream Media 2.2.4.1-next (HKCU\...\AceStream) (Version: 2.2.4.1-next - Ace Stream Media)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{5BF3423C-4397-4FE3-A318-C9850EA24CB3}) (Version: 8.0.0.46 - Research In Motion Ltd)
Boilsoft Video Joiner 6.57 (HKLM-x32\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version:  - Boilsoft, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
DFX (HKLM-x32\...\DFX) (Version: 11.112.0.0 - Power Technology)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Firebird v2.0 (HKLM-x32\...\Tone2 Firebird_is1) (Version:  - Tone2)
FreeRIP MP3 Converter 4.5.1 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.1 - GreenTree Applications SRL)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{938A412F-78C1-4158-8590-038A1D670A57}) (Version: 3.0.07.47 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.47 - O2Micro International LTD.) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.20.0 - Renesas Electronics Corporation) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.3.0 - GridinSoft LLC)
UMPlayer 0.98 [P4] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.14 - VSO Software)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8900 - Broadcom Corporation)
William Hill Poker (HKCU\...\William Hill Poker) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}) (Version: 18.0.11023 - WinZip Computing, S.L. )
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.3.20131014 - Xilisoft)

==================== Restore Points  =========================

14-05-2014 08:03:44 Windows Update
17-05-2014 00:54:54 Installed O2Micro Flash Memory Card Windows Driver
17-05-2014 09:34:11 Installed IDT Audio

==================== Hosts content: ==========================

2014-02-16 05:21 - 2014-05-18 17:55 - 00449906 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1A842EC9-470C-4CBF-A7CE-8AD0E9AA0FC5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {32B8BBBD-DEEE-49DD-8F93-D0A94199799A} - System32\Tasks\ASC7_SkipUac_Allybongo => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-04] (IObit)
Task: {33C6D1C9-E2FB-486D-AD0D-A727C9F90B2A} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
Task: {3E28F8E8-56F6-4163-8DED-A437755332A3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {85B737A8-13BC-4D31-A242-4B0934EBB959} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {8884B029-C509-4ED2-85D9-E2B379A1C34F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {E0282523-37AE-49B2-8F1F-370FF4E3F722} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-15 13:13 - 2003-04-18 18:06 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2013-10-03 09:04 - 2013-02-22 14:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-13 23:10 - 2014-02-13 16:44 - 01214240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
2013-08-20 18:03 - 2013-08-20 18:03 - 01274840 _____ () C:\Program Files (x86)\DFX\DFX.exe
2013-08-20 18:12 - 2013-08-20 18:12 - 00130520 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2013-08-20 18:16 - 2013-08-20 18:16 - 00132056 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2013-08-20 18:35 - 2013-08-20 18:35 - 00048088 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2013-08-20 18:06 - 2013-08-20 18:06 - 00167384 _____ () C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
2014-05-13 23:10 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-05-13 23:10 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-05-13 23:10 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-05-13 23:10 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2013-08-20 18:31 - 2013-08-20 18:31 - 00049112 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupreg: Amazon Cloud Player => c:\users\allybongo\appdata\local\amazon cloud player\amazon music helper.exe
MSCONFIG\startupreg: DFX => c:\program files (x86)\dfx\dfx.exe -startup
MSCONFIG\startupreg: Digit Skinnable Clock V2 => C:\Program Files (x86)\Horizon5\Digit\DIGITV2_1.exe
MSCONFIG\startupreg: DivXUpdate => "c:\program files (x86)\divx\divx update\divxupdate.exe" /checknow
MSCONFIG\startupreg: HotKeysCmds => c:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => c:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe
MSCONFIG\startupreg: Windows Defender => %programfiles%\windows defender\msascui.exe -hide

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 375 Bluetooth Module
Description: Dell Wireless 375 Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2014 05:03:45 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3963455550-1951971532-3912676929-1000}/">.

Error: (05/20/2014 03:19:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 03:19:06 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3963455550-1951971532-3912676929-1000}/">.

Error: (05/20/2014 01:54:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3963455550-1951971532-3912676929-1000}/">.

Error: (05/20/2014 00:00:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 08:48:52 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3963455550-1951971532-3912676929-1000}/">.

Error: (05/19/2014 02:48:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 02:41:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 00:57:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 11:03:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/20/2014 03:18:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva

Error: (05/20/2014 11:59:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva

Error: (05/19/2014 02:46:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva

Error: (05/19/2014 02:39:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva

Error: (05/19/2014 00:56:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva

Error: (05/19/2014 11:01:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva

Error: (05/19/2014 10:43:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva

Error: (05/19/2014 10:40:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva

Error: (05/19/2014 10:04:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva

Error: (05/19/2014 07:11:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva


Microsoft Office Sessions:
=========================
Error: (05/20/2014 05:03:45 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3963455550-1951971532-3912676929-1000}/

Error: (05/20/2014 03:19:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 03:19:06 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3963455550-1951971532-3912676929-1000}/

Error: (05/20/2014 01:54:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3963455550-1951971532-3912676929-1000}/

Error: (05/20/2014 00:00:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 08:48:52 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3963455550-1951971532-3912676929-1000}/

Error: (05/19/2014 02:48:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 02:41:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 00:57:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 11:03:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-05-19 09:44:14.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 23:49:33.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 3993.05 MB
Available physical RAM: 2590.17 MB
Total Pagefile: 7984.28 MB
Available Pagefile: 6118.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:178.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 34DE6125)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 LiquidTension

Posted 20 May 2014 - 05:10 PM

Hello Ally, 
 
Thank you for posting the logs. They are all looking pretty good. The items identified in the RogueKiller log are nothing to be concerned with, and there is no evidence of malware in your FRST logs.  :)

 

I couldn't find any trojankiller logs (I may have deleted them?)

Not to worry if you can't find the log. There is the possibility the programme does not generate a log.  

 

I hope I have posted these in the correct order.....will I post the quarantine folder?

Yes, the order was just fine. There is no need to post the contents of the quarantine folder. 

 

I apologise for multiple posts.

No need to apologise. Please use as many posts as you like. 

 
I can see evidence that ComboFix has at some point been run on this computer. Do you know when that was? Why was ComboFix run?

 
Please consider and carry out the following:
 

P2P WARNING

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

Risks of File-Sharing Technology
P2P Software User Advisories
More malware is traveling on P2P networks these days

I suggest you remove any trace of file sharing software from your computer. You can uninstall your P2P file sharing software by:

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • uTorrent
  • Please inform if you decide to uninstall your P2P file sharing software. I will script out any remaining entries not removed.
If you decide against removing your P2P file sharing software, please ensure you refrain from P2P filesharing whilst your computer is being cleaned. 

 
 
STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you decide to remove your P2P file sharing software?
  • When and why was ComboFix run?
  • AdwCleaner[S0].txt
  • JRT.txt



#8 Ally

Posted 20 May 2014 - 05:25 PM

hi Adam, I would like to keep utorrent as I do use p2p even though I know I put my pc security at risk,

I have an Adwcleaner but am unsure of what to delete...the only thing I know that is legit is freerip but I don't know what the other stuff is....could you let me know what to clean before I move forward as I am unsure......here is my adwcleaner log:

 

btw I am unsure when combofix was run.....I think it was the last time I had help to remove malware.

 

 

 

# AdwCleaner v3.210 - Report created 21/05/2014 at 00:20:55
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Allybongo - ALLYBONGO-PC
# Running from : C:\Users\Allybongo\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\FreeRIP

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\prefs.js ]

Line Found : user_pref("extensions.fvd_single.__surfcanyon_disable_time", "1400263437349");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1106 octets] - [02/05/2014 16:50:33]
AdwCleaner[R1].txt - [1093 octets] - [09/05/2014 11:21:41]
AdwCleaner[R2].txt - [1039 octets] - [21/05/2014 00:20:55]
AdwCleaner[S0].txt - [1176 octets] - [02/05/2014 16:51:23]
AdwCleaner[S1].txt - [1164 octets] - [09/05/2014 11:22:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1219 octets] ##########
 


Edited by Ally, 20 May 2014 - 05:30 PM.


#9 Ally

Posted 20 May 2014 - 05:51 PM

hi Adam, I ran junkwareremoval tool and here is the log, it deleted freerip whereas I paid for the full version of this software to rip music, now I am unsure if it is a legit software?

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Allybongo on 21/05/2014 at  0:40:02.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\freerip"



~~~ FireFox

Successfully deleted the following from C:\Users\Allybongo\AppData\Roaming\mozilla\firefox\profiles\yo01l4ps.default\prefs.js

user_pref("extensions.fvd_single.__surfcanyon_disable_time", "1400263437349");
Emptied folder: C:\Users\Allybongo\AppData\Roaming\mozilla\firefox\profiles\yo01l4ps.default\minidumps [112 files]



~~~ Event Viewer Logs were cleared



 



#10 LiquidTension

Posted 20 May 2014 - 11:23 PM

Hello Ally, 
 

btw I am unsure when combofix was run.....I think it was the last time I had help to remove malware.

Okay, thank you for letting me know. We will remove the leftover ComboFix entry shortly. 
 

I ran junkwareremoval tool and here is the log,it deleted freerip whereas I paid for the full version of this software to rip music now I am unsure if it is a legit software?

Some vendors classify the programme as a Potentially Unwanted Programme (PUP). This is not to say the software is illegitimate - if you installed, paid for and use the software then that is fine. 
 
To restore the programme I would like you to carry out the following steps:

  • Go to the FreeRIP download page
  • Download FreeRIP. During or after the installation, you should be prompted to enter your registration details for the PRO version. This will restore the PRO (paid) version of the programme on your computer. 
  • Note: Ensure you carefully read each page of the installer, and uncheck the installation of any additional software
  • If you do not know your registration details, click the automatic registration recovery service link on the download page and follow the instructions. 
  • Please continue with the instructions below once you have restored the programme.  
     

STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply.
     

======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Has FreeRIP PRO been successfully restored?
  • FRST.txt
  • Addition.txt



#11 Ally

Posted 21 May 2014 - 04:14 AM

Hi Adam,

freerip pro installed successfully without the need to re-register.

here are my scan results :

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Allybongo (administrator) on ALLYBONGO-PC on 21-05-2014 11:09:30
Running from C:\Users\Allybongo\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-18] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-01-21] (BlackBerry Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\...\Run: [DellSystemDetect] => C:\Users\Allybongo\AppData\Local\Apps\2.0\3EVK4VVL.N0X\H95517QZ.9EC\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?o...U219DHP&pc=U219
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8CAD7E7B15C0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENGB/MSN_WCP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default
FF Homepage: uk.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.4.1-next - C:\Users\Allybongo\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\searchplugins\google-vanilla.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\Extensions\ascsurfingprotection@iobit.com [2014-05-13]
FF Extension: Adblock Plus - C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-05-13]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Allybongo\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Allybongo\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-05-17]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-24] (Kaspersky Lab ZAO)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2014-02-02] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-18] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 ipMIDI; C:\Windows\System32\drivers\ipmidi.sys [23040 2013-01-31] (nerds.de)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-24] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-14] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-14] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-01-24] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-14] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-01-24] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-24] (Kaspersky Lab ZAO)
S3 L6TPortGX; C:\Windows\System32\Drivers\L6TPortGX64.sys [772864 2013-07-11] (Line 6)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 ofvpmj; No ImagePath
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [104448 2012-05-10] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
S0 tljkva; No ImagePath
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-05-16] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\PROGRAM FILES (X86)\RUN\cleanhlp64.sys [X]
S3 cpuz136; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-21 11:09 - 2014-05-21 11:09 - 00016128 _____ () C:\Users\Allybongo\Desktop\FRST.txt
2014-05-21 11:04 - 2014-05-21 11:04 - 00001002 _____ () C:\Users\Allybongo\Desktop\FreeRIP MP3 Converter.lnk
2014-05-21 11:04 - 2014-05-21 11:04 - 00000000 ____D () C:\Program Files (x86)\FreeRIP
2014-05-21 11:02 - 2014-05-21 11:02 - 02173272 _____ (GreenTree Applications SRL) C:\Users\Allybongo\Downloads\freeripmp3-setup.exe
2014-05-21 00:46 - 2014-05-21 00:46 - 00001042 _____ () C:\Users\Allybongo\Desktop\JRT.txt
2014-05-21 00:28 - 2014-05-21 00:28 - 01016261 _____ (Thisisu) C:\Users\Allybongo\Desktop\JRT.exe
2014-05-21 00:17 - 2014-05-21 00:17 - 01326389 _____ () C:\Users\Allybongo\Desktop\AdwCleaner.exe
2014-05-20 20:29 - 2014-05-21 11:09 - 00000000 ____D () C:\FRST
2014-05-20 20:28 - 2014-05-20 20:28 - 02067456 _____ (Farbar) C:\Users\Allybongo\Desktop\FRST64.exe
2014-05-19 16:09 - 2014-05-19 16:09 - 00002127 _____ () C:\Users\Allybongo\Desktop\RKreport[0]_D_05192014_160900.txt
2014-05-19 16:08 - 2014-05-19 16:08 - 00002078 _____ () C:\Users\Allybongo\Desktop\RKreport[0]_S_05192014_160851.txt
2014-05-19 16:06 - 2014-05-19 16:09 - 00000000 ____D () C:\Users\Allybongo\Desktop\RK_Quarantine
2014-05-18 22:26 - 2014-05-18 22:26 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-18 20:11 - 2014-05-18 20:11 - 00000000 ____D () C:\Users\Allybongo\Desktop\rkilller
2014-05-18 17:55 - 2014-04-28 22:25 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140518-175504.backup
2014-05-18 17:51 - 2014-05-18 22:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-17 22:21 - 2014-05-17 22:21 - 00003164 _____ () C:\Windows\System32\Tasks\JetBoost_AutoUpdate
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBoost
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\ProgramData\BlueSprig
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\Program Files (x86)\BlueSprig
2014-05-17 21:21 - 2014-05-17 21:21 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\MPlayer
2014-05-17 21:19 - 2014-05-17 21:19 - 00000000 ____D () C:\MININT
2014-05-17 21:18 - 2014-05-17 22:05 - 00000000 ____D () C:\Users\Allybongo\.umplayer
2014-05-17 21:18 - 2014-05-17 21:19 - 00000000 ____D () C:\Program Files (x86)\UMPlayer
2014-05-17 21:18 - 2014-05-17 21:18 - 00001011 _____ () C:\Users\Public\Desktop\UMPlayer.lnk
2014-05-17 21:18 - 2014-05-17 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UMPlayer
2014-05-17 18:52 - 2014-05-17 18:52 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\PCDr
2014-05-17 18:21 - 2014-05-17 19:04 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\.ACEStream
2014-05-17 18:20 - 2014-05-17 18:22 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\ACEStream
2014-05-17 18:20 - 2014-05-17 18:20 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2014-05-17 18:13 - 2014-05-17 18:44 - 00000000 ___HD () C:\_acestream_cache_
2014-05-17 10:33 - 2011-01-25 01:57 - 11941376 _____ (IDT, Inc.) C:\Windows\system32\idtsg64.cpl
2014-05-17 10:33 - 2011-01-25 01:57 - 04637184 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2014-05-17 10:33 - 2010-01-27 02:30 - 00162816 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll
2014-05-17 10:33 - 2009-10-10 00:45 - 00442368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll
2014-05-17 10:33 - 2009-03-03 01:58 - 00068608 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll
2014-05-17 10:32 - 2014-05-17 10:34 - 00000000 ____D () C:\Program Files\IDT
2014-05-17 10:32 - 2011-01-25 01:57 - 01499136 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2014-05-17 10:32 - 2011-01-25 01:57 - 00651776 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2014-05-17 10:32 - 2011-01-25 01:57 - 00520192 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2014-05-17 10:32 - 2011-01-25 01:57 - 00431616 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2014-05-17 10:32 - 2011-01-25 01:57 - 00220160 _____ (IDT, Inc.) C:\Windows\system32\st646324.dll
2014-05-17 02:01 - 2014-05-19 20:49 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-17 02:01 - 2014-05-17 02:01 - 00004000 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-17 02:00 - 2014-05-19 20:49 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-17 02:00 - 2014-05-17 02:00 - 00003212 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Program Files\My Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-17 01:57 - 2014-05-17 01:57 - 00000000 ____D () C:\Program Files\DellTPad
2014-05-17 01:57 - 2013-02-21 14:10 - 00489264 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2014-05-17 01:57 - 2013-02-12 21:31 - 00114520 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2014-05-17 01:55 - 2014-05-17 01:55 - 00000000 ____D () C:\Windows\SysWOW64\SDA
2014-05-17 01:13 - 2014-05-17 01:14 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\vlc
2014-05-16 10:12 - 2014-05-16 10:12 - 00016640 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-05-15 14:51 - 2014-05-21 10:50 - 00386160 ____N () C:\Windows\WindowsUpdate.log
2014-05-14 19:13 - 2014-05-14 19:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 09:11 - 2014-05-14 09:11 - 00000628 __RSH () C:\Users\Allybongo\ntuser.pol
2014-05-14 09:03 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:03 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:03 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:03 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:03 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:03 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:03 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:03 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:03 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:03 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 09:03 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 09:03 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:03 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 09:03 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:03 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:03 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:03 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:03 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 09:03 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 09:03 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 09:03 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 09:03 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 09:03 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 23:29 - 2014-05-13 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-05-13 23:28 - 2014-05-21 10:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-13 23:28 - 2014-05-14 05:43 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-05-13 23:28 - 2014-05-14 05:43 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-05-13 23:28 - 2014-05-13 23:28 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-05-13 23:28 - 2014-05-13 23:28 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-05-13 23:28 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-05-13 23:11 - 2014-05-13 23:11 - 00002862 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Allybongo
2014-05-13 23:10 - 2014-05-13 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-05-13 23:08 - 2014-05-13 23:08 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-05-13 22:27 - 2014-05-13 22:27 - 00001181 _____ () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-05-12 19:56 - 2014-05-12 19:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-09 23:34 - 2014-05-09 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 22:11 - 2014-05-09 22:11 - 00000970 _____ () C:\Users\Allybongo\Desktop\IrfanView.lnk
2014-05-09 20:24 - 2014-05-09 20:24 - 00001887 _____ () C:\Users\Allybongo\Desktop\ImgBurn.lnk
2014-05-09 20:24 - 2014-05-09 20:24 - 00001142 _____ () C:\Users\Allybongo\Desktop\Video Joiner.lnk
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\ProgramData\Auslogics
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-05-06 23:43 - 2014-05-06 23:43 - 00000000 ____D () C:\Users\Allybongo\Doctor Web
2014-05-06 23:20 - 2014-05-06 23:20 - 00000000 ____D () C:\ProgramData\F-Secure
2014-05-05 17:53 - 2014-05-21 11:05 - 00000611 _____ () C:\Windows\cdplayer.ini
2014-05-05 17:53 - 2014-05-21 11:04 - 00001534 _____ () C:\ProgramData\ss.ini
2014-05-05 17:53 - 2014-05-05 17:53 - 00001002 _____ () C:\Users\Allybongo\Desktop\FreeRip.lnk
2014-05-05 17:53 - 2014-05-05 17:53 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-05-05 17:53 - 2014-05-05 17:53 - 00000000 ____D () C:\ProgramData\FreeRIP MP3 Converter
2014-05-02 16:50 - 2014-05-21 00:21 - 00000000 ____D () C:\AdwCleaner
2014-05-02 16:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-02 11:26 - 2014-04-29 15:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 11:26 - 2014-04-29 14:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 11:26 - 2014-04-29 13:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-02 11:26 - 2014-04-29 13:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 23:22 - 2014-05-01 23:22 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-01 23:22 - 2014-05-01 23:22 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-29 08:45 - 2014-05-06 00:01 - 00000000 ____D () C:\Users\Allybongo\.smplayer
2014-04-29 08:39 - 2014-04-29 08:39 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\VS Revo Group
2014-04-29 08:39 - 2014-04-29 08:39 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-28 18:24 - 2014-05-21 10:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-28 18:24 - 2014-05-13 20:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 18:24 - 2014-05-13 20:57 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 18:24 - 2014-05-13 20:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 18:21 - 2014-04-28 18:21 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-28 18:21 - 2014-04-28 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-28 18:21 - 2014-04-28 18:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-23 23:20 - 2014-04-23 23:20 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-23 23:20 - 2014-04-23 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 23:20 - 2014-04-23 23:20 - 00000000 ____D () C:\Program Files\Java
2014-04-23 22:35 - 2014-05-16 22:09 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Mp3tag
2014-04-23 22:35 - 2014-04-23 22:35 - 00000983 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-04-23 22:35 - 2014-04-23 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-04-23 19:55 - 2014-05-14 09:09 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-21 11:09 - 2014-05-21 11:09 - 00016128 _____ () C:\Users\Allybongo\Desktop\FRST.txt
2014-05-21 11:09 - 2014-05-20 20:29 - 00000000 ____D () C:\FRST
2014-05-21 11:05 - 2014-05-05 17:53 - 00000611 _____ () C:\Windows\cdplayer.ini
2014-05-21 11:04 - 2014-05-21 11:04 - 00001002 _____ () C:\Users\Allybongo\Desktop\FreeRIP MP3 Converter.lnk
2014-05-21 11:04 - 2014-05-21 11:04 - 00000000 ____D () C:\Program Files (x86)\FreeRIP
2014-05-21 11:04 - 2014-05-05 17:53 - 00001534 _____ () C:\ProgramData\ss.ini
2014-05-21 11:02 - 2014-05-21 11:02 - 02173272 _____ (GreenTree Applications SRL) C:\Users\Allybongo\Downloads\freeripmp3-setup.exe
2014-05-21 10:57 - 2014-04-28 18:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 10:56 - 2009-07-14 05:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-21 10:56 - 2009-07-14 05:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-21 10:55 - 2009-07-14 06:13 - 00781970 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-21 10:50 - 2014-05-15 14:51 - 00386160 ____N () C:\Windows\WindowsUpdate.log
2014-05-21 10:49 - 2014-05-13 23:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-21 10:49 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-21 00:46 - 2014-05-21 00:46 - 00001042 _____ () C:\Users\Allybongo\Desktop\JRT.txt
2014-05-21 00:28 - 2014-05-21 00:28 - 01016261 _____ (Thisisu) C:\Users\Allybongo\Desktop\JRT.exe
2014-05-21 00:21 - 2014-05-02 16:50 - 00000000 ____D () C:\AdwCleaner
2014-05-21 00:17 - 2014-05-21 00:17 - 01326389 _____ () C:\Users\Allybongo\Desktop\AdwCleaner.exe
2014-05-21 00:00 - 2013-10-03 12:43 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\PokerStars
2014-05-20 20:28 - 2014-05-20 20:28 - 02067456 _____ (Farbar) C:\Users\Allybongo\Desktop\FRST64.exe
2014-05-20 15:19 - 2013-10-03 21:04 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\uTorrent
2014-05-20 13:54 - 2013-10-03 12:44 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Vso
2014-05-20 13:54 - 2013-10-03 12:44 - 00000000 ____D () C:\ProgramData\VSO
2014-05-20 13:04 - 2014-02-23 03:08 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\Deployment
2014-05-19 20:49 - 2014-05-17 02:01 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-19 20:49 - 2014-05-17 02:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-19 20:42 - 2013-10-03 13:12 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-19 16:09 - 2014-05-19 16:09 - 00002127 _____ () C:\Users\Allybongo\Desktop\RKreport[0]_D_05192014_160900.txt
2014-05-19 16:09 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\Allybongo\Desktop\RK_Quarantine
2014-05-19 16:08 - 2014-05-19 16:08 - 00002078 _____ () C:\Users\Allybongo\Desktop\RKreport[0]_S_05192014_160851.txt
2014-05-19 16:08 - 2014-02-14 13:38 - 00000000 ___RD () C:\Users\Allybongo\Documents\Antispy
2014-05-19 11:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-05-18 22:26 - 2014-05-18 22:26 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-18 22:26 - 2014-05-18 17:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-18 20:39 - 2014-02-14 13:38 - 00000000 ___RD () C:\Users\Allybongo\Documents\Tools
2014-05-18 20:38 - 2014-02-23 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-05-18 20:11 - 2014-05-18 20:11 - 00000000 ____D () C:\Users\Allybongo\Desktop\rkilller
2014-05-17 23:50 - 2014-03-16 04:15 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Winamp
2014-05-17 22:21 - 2014-05-17 22:21 - 00003164 _____ () C:\Windows\System32\Tasks\JetBoost_AutoUpdate
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBoost
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\ProgramData\BlueSprig
2014-05-17 22:21 - 2014-05-17 22:21 - 00000000 ____D () C:\Program Files (x86)\BlueSprig
2014-05-17 22:05 - 2014-05-17 21:18 - 00000000 ____D () C:\Users\Allybongo\.umplayer
2014-05-17 21:21 - 2014-05-17 21:21 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\MPlayer
2014-05-17 21:19 - 2014-05-17 21:19 - 00000000 ____D () C:\MININT
2014-05-17 21:19 - 2014-05-17 21:18 - 00000000 ____D () C:\Program Files (x86)\UMPlayer
2014-05-17 21:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-05-17 21:18 - 2014-05-17 21:18 - 00001011 _____ () C:\Users\Public\Desktop\UMPlayer.lnk
2014-05-17 21:18 - 2014-05-17 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UMPlayer
2014-05-17 21:18 - 2013-10-03 08:40 - 00000000 ____D () C:\Users\Allybongo
2014-05-17 19:04 - 2014-05-17 18:21 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\.ACEStream
2014-05-17 18:52 - 2014-05-17 18:52 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\PCDr
2014-05-17 18:44 - 2014-05-17 18:13 - 00000000 ___HD () C:\_acestream_cache_
2014-05-17 18:22 - 2014-05-17 18:20 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\ACEStream
2014-05-17 18:20 - 2014-05-17 18:20 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2014-05-17 16:27 - 2013-10-03 12:47 - 00000000 ___RD () C:\Users\Allybongo\Documents\ConvertXtoDVD
2014-05-17 10:34 - 2014-05-17 10:32 - 00000000 ____D () C:\Program Files\IDT
2014-05-17 10:32 - 2013-10-03 09:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-17 02:01 - 2014-05-17 02:01 - 00004000 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-17 02:00 - 2014-05-17 02:00 - 00003212 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Program Files\My Dell
2014-05-17 02:00 - 2014-05-17 02:00 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-17 01:57 - 2014-05-17 01:57 - 00000000 ____D () C:\Program Files\DellTPad
2014-05-17 01:55 - 2014-05-17 01:55 - 00000000 ____D () C:\Windows\SysWOW64\SDA
2014-05-17 01:53 - 2013-10-03 09:06 - 00014598 _____ () C:\Windows\system32\results.xml
2014-05-17 01:31 - 2013-10-03 13:16 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\Apps\2.0
2014-05-17 01:14 - 2014-05-17 01:13 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\vlc
2014-05-16 22:09 - 2014-04-23 22:35 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Mp3tag
2014-05-16 15:13 - 2014-03-16 05:08 - 00000000 ___RD () C:\Users\Allybongo\Documents\RippedCds
2014-05-16 10:37 - 2013-11-17 17:52 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-16 10:12 - 2014-05-16 10:12 - 00016640 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-05-14 19:13 - 2014-05-14 19:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 19:11 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-14 09:12 - 2013-10-03 08:40 - 00000000 ___RD () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 09:12 - 2013-10-03 08:40 - 00000000 ___RD () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 09:11 - 2014-05-14 09:11 - 00000628 __RSH () C:\Users\Allybongo\ntuser.pol
2014-05-14 09:09 - 2014-04-23 19:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 09:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 09:06 - 2013-10-03 11:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 09:04 - 2013-10-03 11:44 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 05:43 - 2014-05-13 23:28 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-05-14 05:43 - 2014-05-13 23:28 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-05-14 05:43 - 2014-01-24 04:30 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-05-13 23:29 - 2014-05-13 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-05-13 23:28 - 2014-05-13 23:28 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-05-13 23:28 - 2014-05-13 23:28 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-05-13 23:26 - 2014-02-22 15:52 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\IObit
2014-05-13 23:24 - 2014-02-06 16:48 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-13 23:24 - 2014-02-06 16:48 - 00000000 ____D () C:\Users\Guest
2014-05-13 23:24 - 2014-02-01 03:34 - 00000000 ____D () C:\Users\Administrator
2014-05-13 23:11 - 2014-05-13 23:11 - 00002862 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Allybongo
2014-05-13 23:10 - 2014-05-13 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-05-13 23:09 - 2013-10-03 13:37 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-05-13 23:08 - 2014-05-13 23:08 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-05-13 22:27 - 2014-05-13 22:27 - 00001181 _____ () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-13 21:32 - 2013-10-03 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-05-13 21:32 - 2013-10-03 12:43 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-05-13 21:08 - 2014-05-13 21:08 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-05-13 20:57 - 2014-04-28 18:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 20:57 - 2014-04-28 18:24 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 20:57 - 2014-04-28 18:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 19:56 - 2014-05-12 19:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-11 16:56 - 2014-02-10 01:01 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\Apple Computer
2014-05-10 10:50 - 2014-02-13 22:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 23:34 - 2014-05-09 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 22:34 - 2013-10-03 13:30 - 00000000 ___RD () C:\Users\Allybongo\Documents\My Kindle Content
2014-05-09 22:11 - 2014-05-09 22:11 - 00000970 _____ () C:\Users\Allybongo\Desktop\IrfanView.lnk
2014-05-09 22:09 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-09 20:24 - 2014-05-09 20:24 - 00001887 _____ () C:\Users\Allybongo\Desktop\ImgBurn.lnk
2014-05-09 20:24 - 2014-05-09 20:24 - 00001142 _____ () C:\Users\Allybongo\Desktop\Video Joiner.lnk
2014-05-09 07:14 - 2014-05-14 09:03 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 07:11 - 2014-05-14 09:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\ProgramData\Auslogics
2014-05-08 01:33 - 2014-05-08 01:33 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-05-06 23:43 - 2014-05-06 23:43 - 00000000 ____D () C:\Users\Allybongo\Doctor Web
2014-05-06 23:20 - 2014-05-06 23:20 - 00000000 ____D () C:\ProgramData\F-Secure
2014-05-06 23:16 - 2014-02-02 05:38 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\QuickScan
2014-05-06 23:15 - 2014-03-08 17:00 - 00246965 _____ () C:\Users\Allybongo\AppData\Local\census.cache
2014-05-06 23:15 - 2014-03-08 17:00 - 00098822 _____ () C:\Users\Allybongo\AppData\Local\ars.cache
2014-05-06 17:47 - 2014-02-26 04:13 - 00003850 _____ () C:\Users\Allybongo\AppData\Roaming\Rim.Desktop.Exception.log
2014-05-06 17:47 - 2014-02-26 04:13 - 00003465 _____ () C:\Users\Allybongo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-05-06 00:01 - 2014-04-29 08:45 - 00000000 ____D () C:\Users\Allybongo\.smplayer
2014-05-05 18:19 - 2014-02-03 00:01 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\VirtualStore
2014-05-05 17:53 - 2014-05-05 17:53 - 00001002 _____ () C:\Users\Allybongo\Desktop\FreeRip.lnk
2014-05-05 17:53 - 2014-05-05 17:53 - 00000000 ____D () C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-05-05 17:53 - 2014-05-05 17:53 - 00000000 ____D () C:\ProgramData\FreeRIP MP3 Converter
2014-05-05 16:41 - 2014-02-19 19:41 - 00000000 ____D () C:\DrvInstall
2014-05-02 15:50 - 2014-03-16 05:17 - 00001853 _____ () C:\Users\Public\Desktop\Winamp.lnk
2014-05-02 10:37 - 2013-10-03 09:18 - 00067664 _____ () C:\Users\Allybongo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-02 00:10 - 2009-07-14 05:45 - 04914696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-01 23:22 - 2014-05-01 23:22 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-01 23:22 - 2014-05-01 23:22 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-29 15:01 - 2014-05-02 11:26 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 14:40 - 2014-05-02 11:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 13:48 - 2014-05-02 11:26 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 13:34 - 2014-05-02 11:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 11:19 - 2014-01-15 01:05 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\CrashDumps
2014-04-29 08:39 - 2014-04-29 08:39 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\VS Revo Group
2014-04-29 08:39 - 2014-04-29 08:39 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-28 22:25 - 2014-05-18 17:55 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140518-175504.backup
2014-04-28 22:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-28 18:24 - 2014-02-07 15:46 - 00000000 ____D () C:\Users\Allybongo\AppData\Local\Adobe
2014-04-28 18:21 - 2014-04-28 18:21 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-28 18:21 - 2014-04-28 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-28 18:21 - 2014-04-28 18:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-24 13:09 - 2014-02-13 13:06 - 00000000 ____D () C:\Users\Allybongo\licenses
2014-04-23 23:20 - 2014-04-23 23:20 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-23 23:20 - 2014-04-23 23:20 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-23 23:20 - 2014-04-23 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 23:20 - 2014-04-23 23:20 - 00000000 ____D () C:\Program Files\Java
2014-04-23 22:35 - 2014-04-23 22:35 - 00000983 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-04-23 22:35 - 2014-04-23 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-04-23 22:35 - 2014-02-10 02:28 - 00000000 ____D () C:\Program Files (x86)\Mp3tag

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 09:03] - [2014-03-04 10:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 09:42

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Allybongo at 2014-05-21 11:10:11
Running from C:\Users\Allybongo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Ace Stream Media 2.2.4.1-next (HKCU\...\AceStream) (Version: 2.2.4.1-next - Ace Stream Media)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{5BF3423C-4397-4FE3-A318-C9850EA24CB3}) (Version: 8.0.0.46 - Research In Motion Ltd)
Boilsoft Video Joiner 6.57 (HKLM-x32\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version:  - Boilsoft, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
DFX (HKLM-x32\...\DFX) (Version: 11.112.0.0 - Power Technology)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Firebird v2.0 (HKLM-x32\...\Tone2 Firebird_is1) (Version:  - Tone2)
FreeRIP MP3 Converter 4.5.2 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{938A412F-78C1-4158-8590-038A1D670A57}) (Version: 3.0.07.47 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.47 - O2Micro International LTD.) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.20.0 - Renesas Electronics Corporation) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.3.0 - GridinSoft LLC)
UMPlayer 0.98 [P4] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.14 - VSO Software)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8900 - Broadcom Corporation)
William Hill Poker (HKCU\...\William Hill Poker) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}) (Version: 18.0.11023 - WinZip Computing, S.L. )
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.3.20131014 - Xilisoft)

==================== Restore Points  =========================

14-05-2014 08:03:44 Windows Update
17-05-2014 00:54:54 Installed O2Micro Flash Memory Card Windows Driver
17-05-2014 09:34:11 Installed IDT Audio

==================== Hosts content: ==========================

2014-02-16 05:21 - 2014-05-18 17:55 - 00449906 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1A842EC9-470C-4CBF-A7CE-8AD0E9AA0FC5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {32B8BBBD-DEEE-49DD-8F93-D0A94199799A} - System32\Tasks\ASC7_SkipUac_Allybongo => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-04] (IObit)
Task: {33C6D1C9-E2FB-486D-AD0D-A727C9F90B2A} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
Task: {3E28F8E8-56F6-4163-8DED-A437755332A3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {85B737A8-13BC-4D31-A242-4B0934EBB959} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {8884B029-C509-4ED2-85D9-E2B379A1C34F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {E0282523-37AE-49B2-8F1F-370FF4E3F722} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-15 13:13 - 2003-04-18 18:06 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2013-10-03 09:04 - 2013-02-22 14:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-13 23:10 - 2014-02-13 16:44 - 01214240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
2014-05-13 23:10 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-05-13 23:10 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-05-13 23:10 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-05-13 23:10 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupreg: Amazon Cloud Player => c:\users\allybongo\appdata\local\amazon cloud player\amazon music helper.exe
MSCONFIG\startupreg: DFX => c:\program files (x86)\dfx\dfx.exe -startup
MSCONFIG\startupreg: Digit Skinnable Clock V2 => C:\Program Files (x86)\Horizon5\Digit\DIGITV2_1.exe
MSCONFIG\startupreg: DivXUpdate => "c:\program files (x86)\divx\divx update\divxupdate.exe" /checknow
MSCONFIG\startupreg: HotKeysCmds => c:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => c:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe
MSCONFIG\startupreg: Windows Defender => %programfiles%\windows defender\msascui.exe -hide

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 375 Bluetooth Module
Description: Dell Wireless 375 Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2014 11:07:45 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3963455550-1951971532-3912676929-1000}/">.

Error: (05/21/2014 10:51:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 01:09:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/21/2014 10:49:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva

Error: (05/21/2014 01:07:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva


Microsoft Office Sessions:
=========================
Error: (05/21/2014 11:07:45 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3963455550-1951971532-3912676929-1000}/

Error: (05/21/2014 10:51:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 01:09:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-05-19 09:44:14.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 09:44:14.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 23:49:33.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 3993.05 MB
Available physical RAM: 2790.93 MB
Total Pagefile: 7984.28 MB
Available Pagefile: 6680.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:179.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 34DE6125)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#12 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 21 May 2014 - 11:33 AM

Hello Ally, 
 

freerip pro installed successfully without the need to re-register.

Very good.  :)
 
Your logs look great - only a few orphans need removing.  
 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S0 ofvpmj; No ImagePath
    S0 tljkva; No ImagePath
    Folder: C:\Windows\SysWOW64\SDA
    Folder: C:\Users\Allybongo\licenses
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • How is your computer performing?

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#13 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 21 May 2014 - 12:01 PM

Hi Adam, my PC is performing reasonably well, although I do have around 77 processes running at the moment which I think maybe I could cut down on some of them but am unsure which to stop etc.

I also meant to tell you earlier that I run Kaspersky Security Suite 2014 along with Malwarebytes Pro, and sometimes I get the message MalwareBytes successfully blocked outgoing to malicious website AVP.exe, which I thought was my Kaspersky suite calling home, and am a bit puzzled by this.

Also in my Malwarebytes quarantine folder I have two things sitting in there: one is called PUP.Optional.Spigot.A and the other is called PUP.Optional.Open.Candy.A

I also have my main pc folder which is named Allybongo on my desktop which was placed there after running RogueKiller.

 

Here are the results of the farbar fix :

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by Allybongo at 2014-05-21 18:48:51 Run:1
Running from C:\Users\Allybongo\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 ofvpmj; No ImagePath
S0 tljkva; No ImagePath
Folder: C:\Windows\SysWOW64\SDA
Folder: C:\Users\Allybongo\licenses
end
*****************

C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
catchme => Service deleted successfully.
ofvpmj => Service deleted successfully.
tljkva => Service deleted successfully.

========================= Folder: C:\Windows\SysWOW64\SDA ========================

2011-01-17 15:55 - 2011-01-17 15:55 - 0084584 _____ ( O2Micro International) C:\Windows\SysWOW64\SDA\SDPA8220.dll

====== End of Folder: ======


========================= Folder: C:\Users\Allybongo\licenses ========================

2013-09-20 13:07 - 2013-09-20 13:07 - 0215542 _____ () C:\Users\Allybongo\licenses\LICENSE
2013-09-20 13:07 - 2013-09-20 13:07 - 0006025 _____ () C:\Users\Allybongo\licenses\NOTICE
2014-02-06 15:09 - 2014-02-06 15:09 - 0000000 ____D () C:\Users\Allybongo\licenses\.thumbnails
2014-02-06 15:09 - 2014-02-16 01:44 - 0000000 ____D () C:\Users\Allybongo\licenses\.thumbnails\normal

====== End of Folder: ======


==== End of Fixlog ====

 

 

btw thanks for providing the help!
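A way to check a Fixlog like the one above against the driver load failures in the earlier Additional scan log, as an added example (not part of the original posts and not FRST's own code): it pulls the driver names out of the Event 7026 entries and reports which of them the fix deleted. The log excerpts are copied from this thread; the function names are the example's own, and only the "Service deleted successfully" result wording seen in this Fixlog is recognised.

```python
import re

# Excerpt of the "System errors" section of the Additional scan log in this thread.
ADDITION_LOG = r"""
System errors:
=============
Error: (05/21/2014 10:49:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva

Error: (05/21/2014 01:07:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ofvpmj
tljkva


Microsoft Office Sessions:
"""

# Result lines of the Fixlog posted in this thread.
FIXLOG = r"""
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
catchme => Service deleted successfully.
ofvpmj => Service deleted successfully.
tljkva => Service deleted successfully.
"""

EVENT_HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<id>\d+)\)"
)
FAILED_LOAD = "driver(s) failed to load:"
DRIVER_NAME = re.compile(r"[\w.-]+")  # one service name per line, no spaces
FIX_RESULT = re.compile(r"^(?P<name>\S+) => Service (?P<outcome>.+)\.$")


def failed_boot_drivers(log_text):
    """Map each driver named in an Event 7026 entry to the times it failed to load."""
    failures = {}
    in_7026 = collecting = False
    when = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = EVENT_HEADER.match(line)
        if header:
            in_7026 = (header["source"] == "Service Control Manager"
                       and header["id"] == "7026")
            when = header["when"]
            collecting = False
        elif in_7026 and line.endswith(FAILED_LOAD):
            collecting = True          # driver names follow, one per line
        elif collecting and line:
            if DRIVER_NAME.fullmatch(line):
                failures.setdefault(line, []).append(when)
            else:
                collecting = False     # anything else ends the name list
        elif not line:
            in_7026 = collecting = False   # a blank line ends the event entry
    return failures


def deleted_services(fixlog_text):
    """Return the service names the Fixlog reports as deleted."""
    deleted = set()
    for raw in fixlog_text.splitlines():
        result = FIX_RESULT.match(raw.strip())
        # Any other outcome wording is treated as "not deleted".
        if result and result["outcome"] == "deleted successfully":
            deleted.add(result["name"])
    return deleted


def reconcile(addition_log, fixlog):
    """Compare drivers that failed at boot with services the fix removed."""
    failures = failed_boot_drivers(addition_log)
    deleted = deleted_services(fixlog)
    return {
        "removed": sorted(n for n in failures if n in deleted),
        "still_open": sorted(n for n in failures if n not in deleted),
        "removed_without_7026": sorted(deleted - set(failures)),
    }


if __name__ == "__main__":
    for key, names in reconcile(ADDITION_LOG, FIXLOG).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

The 7026 events in the excerpt predate the fix and stay in the event log, so a clean result here only says the fix covered them; whether new failures appear is visible in a fresh log taken after the next reboot.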



#14 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 21 May 2014 - 03:39 PM

Hello Ally, 
 

I do have around 77 processes running at the moment which I think maybe I could cut down on some of them but am unsure which to stop etc.

We will sort this, don't worry. 
 

Sometimes I get the message MalwareBytes successfully blocked outgoing to malicious website AVP.exe

Does the block look something like this?
 
Kaspersky Anti-virus intercepts all incoming and outgoing Internet traffic to look for infections. This makes Windows think it is Kaspersky initiating the connection and thus Malwarebytes Anti-Malware thinks the same.
 
Please open Malwarebytes, navigate to the Logs tab and locate a Protection Log that contains a block. Open the log, copy and paste the contents in your next reply. Do this before proceeding with the below instructions. 
 

Also in my malwarebytes quarantine folder I have two things sitting in there

Please open Malwarebytes and remove both items from the quarantine (by selecting each item and clicking Delete). 

 

I also have my main pc folder which is named Allybongo on my desktop which was placed there after running RogueKiller.

Right-click the folder and click Properties. Confirm the folder is a Shortcut (.lnk). If so, you can delete the folder. 
 
 
Whilst you already have Malwarebytes Anti-Malware (MBAM) installed, your version is outdated. Please follow the instructions to download, install and run the latest version of MBAM. You do not need to remove your current version of MBAM; the newest version will install on top, and will not affect your PRO license (hereinafter referred to as Premium license). 
 
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
ESET Online Scan
Note: This scan will take a significant amount of time to complete. Please do not browse the Internet whilst your resident protection is disabled.

  • Please download ESET Online Scan and save the file to your desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then press Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Click Hide advanced settings. Your settings should match that of the image below.
  • Ensure Remove found threats is unchecked.
    3Crnyln.png
  • Allow virus signature database to download and for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Protection log
  • MBAM Scan log
  • ESET Online Scan log



#15 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 21 May 2014 - 04:09 PM

Hi Adam,

I accidentally posted a farbar log instead of a mbytes protection log and now that the new version is installed I don't know where to find the protection log.

 

Very sorry for the mistake

 

 

I have deleted both items in quarantine on the previous version.

 

When I right-click on the Allybongo folder it does not come up properties but I noticed it has a create shortcut in the menu.

 

I am just starting on step 1 just now.


Edited by Ally, 21 May 2014 - 04:20 PM.
