Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

sound files not working - infection? [Solved]


  • This topic is locked This topic is locked
17 replies to this topic

#16 galaxy

galaxy

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 24 August 2014 - 04:23 PM

OCD,

 

Computer sounds are okay and it seems to be working fine. Please see the FRST results posted below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by PersonnelPC (administrator) on PERSONNEL on 25-08-2014 03:18:34
Running from C:\Users\TEMP.Personnel\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteWMPMonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-06-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Yahoo Messenger] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [reg_svr] => "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\TEMP.Personnel\AppData\Roaming\glister\nvm.dll"
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [Google+ Auto Backup] => C:\Users\TEMP.Personnel\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\MountPoints2: G - "G:\autorun.exe" 
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\MountPoints2: H - "H:\autorun.exe" 
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\MountPoints2: {48bf6839-1683-11e4-bf5c-d89d677f9b55} - "G:\AutoRun.exe" 
Startup: C:\Users\TEMP.Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\TEMP.Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 127.0.0.1:6006
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
SearchScopes: HKLM - {8BD39743-B836-4A60-8063-486CE254BA32} URL = http://www.amazon.co...s={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{01086B81-491B-473D-AADE-BB9FA298A9FF}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\TEMP.Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\qhhjxycq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\TEMP.Personnel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\TEMP.Personnel\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Test Pilot - C:\Users\TEMP.Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\qhhjxycq.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-09-20]
FF Extension: Adblock Plus - C:\Users\TEMP.Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\qhhjxycq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-23]
 
Chrome: 
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TEMP.Personnel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\TEMP.Personnel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36424 2014-08-14] (Just Develop It)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-13] (Hewlett-Packard)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-06-06] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 03:18 - 2014-08-25 03:18 - 00017012 _____ () C:\Users\TEMP.Personnel\Desktop\FRST.txt
2014-08-24 02:07 - 2014-08-24 02:07 - 00000000 ____D () C:\cd
2014-08-23 15:27 - 2014-08-23 15:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-22 04:01 - 2014-08-22 04:01 - 00001985 _____ () C:\Users\TEMP.Personnel\Desktop\ESETscan.txt
2014-08-20 03:59 - 2014-08-20 03:59 - 00042615 _____ () C:\Users\TEMP.Personnel\Downloads\captain-america-the-winter-soldier_english-960032.zip
2014-08-20 03:22 - 2014-08-20 03:22 - 01938256 _____ (BitTorrent Inc.) C:\Users\TEMP.Personnel\Downloads\uTorrent.exe
2014-08-20 03:17 - 2014-08-20 03:17 - 00004040 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-20 03:16 - 2014-08-20 03:17 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-08-20 03:16 - 2014-08-20 03:16 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-08-20 03:15 - 2014-08-20 03:15 - 00000415 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-08-20 03:14 - 2014-08-21 15:29 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent
2014-08-19 02:45 - 2014-08-19 02:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-19 02:42 - 2014-08-19 02:43 - 02347384 _____ (ESET) C:\Users\TEMP.Personnel\Downloads\esetsmartinstaller_enu.exe
2014-08-19 02:12 - 2014-08-25 03:15 - 00000000 ____D () C:\Users\TEMP.Personnel\Desktop\FRST-OlderVersion
2014-08-18 15:56 - 2014-04-01 02:43 - 00079599 ____N () C:\Users\TEMP.Personnel\Downloads\The.Twilight.Saga.Breaking.Dawn.Part.2.2012.1080p.BRrip.x264.GAZ.YIFY.CHI.srt
2014-08-18 15:54 - 2014-08-18 15:54 - 00029477 _____ () C:\Users\TEMP.Personnel\Downloads\the-twilight-saga-5-breaking-dawn-part-2_english-887906.zip
2014-08-18 15:31 - 2013-12-20 17:34 - 00096951 ____N () C:\Users\TEMP.Personnel\Downloads\The.Twilight.Saga.Breaking.Dawn.Part.1.2011.720p.BluRay.x264.YIFY.srt
2014-08-18 15:30 - 2014-08-18 15:31 - 00033056 _____ () C:\Users\TEMP.Personnel\Downloads\the-twilight-saga-4-breaking-dawn-part-1_english-835968.zip
2014-08-17 19:40 - 2014-08-17 21:02 - 00000000 ___HD () C:\Users\TEMP.Personnel\Desktop\.picasaoriginals
2014-08-15 22:04 - 2014-08-15 22:21 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Singham Returns (2014) DvDScr Rip - XviD - [1CD] - Team IcTv Exclusive
2014-08-15 03:13 - 2014-07-16 03:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-15 03:10 - 2014-06-11 03:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:10 - 2014-06-11 03:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 02:08 - 2014-08-07 11:33 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 02:08 - 2014-08-07 08:09 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 00:07 - 2014-06-13 06:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 00:07 - 2014-06-13 06:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 00:06 - 2014-07-24 17:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 00:06 - 2014-07-24 17:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 00:06 - 2014-07-24 17:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 00:06 - 2014-07-24 17:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-15 00:06 - 2014-07-24 17:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 00:06 - 2014-07-24 17:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 00:06 - 2014-07-24 17:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 00:06 - 2014-07-24 15:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 00:06 - 2014-07-24 15:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 00:06 - 2014-07-24 15:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 00:06 - 2014-07-24 15:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 00:06 - 2014-07-24 15:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 00:06 - 2014-07-24 15:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 00:06 - 2014-07-24 15:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 00:06 - 2014-07-24 13:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-15 00:01 - 2014-07-16 04:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 00:01 - 2014-07-16 03:55 - 04035072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 00:01 - 2014-07-12 07:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 23:36 - 2014-06-05 22:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 23:36 - 2014-06-05 22:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-14 23:36 - 2014-06-05 22:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 23:36 - 2014-06-05 22:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 23:36 - 2014-06-05 22:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 23:36 - 2014-06-05 22:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 23:36 - 2014-06-05 18:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-14 23:36 - 2014-06-05 18:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 23:36 - 2014-06-05 18:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 23:36 - 2014-06-05 18:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 23:36 - 2014-06-05 18:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 23:34 - 2014-06-20 04:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 23:34 - 2014-06-20 03:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 23:32 - 2014-05-29 09:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-14 23:32 - 2014-05-08 06:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-14 19:48 - 2014-08-14 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 19:48 - 2014-08-14 19:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 19:48 - 2014-08-14 19:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 19:48 - 2014-08-14 19:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 19:48 - 2014-08-14 19:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 22:55 - 2014-08-12 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 22:53 - 2014-08-12 22:53 - 01016261 _____ (Thisisu) C:\Users\TEMP.Personnel\Desktop\JRT.exe
2014-08-12 22:47 - 2014-08-21 03:40 - 00000976 _____ () C:\Windows\PFRO.log
2014-08-12 22:32 - 2014-08-25 03:15 - 02103296 _____ (Farbar) C:\Users\TEMP.Personnel\Desktop\FRST64.exe
2014-08-11 23:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-11 23:04 - 2014-08-12 22:46 - 00000000 ____D () C:\AdwCleaner
2014-08-11 22:59 - 2014-08-11 23:03 - 01366203 _____ () C:\Users\TEMP.Personnel\Downloads\AdwCleaner.exe
2014-08-08 16:28 - 2014-08-25 03:18 - 00000000 ____D () C:\FRST
2014-08-07 23:07 - 2014-08-07 23:07 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Just Cause [Multi2][PC]
2014-08-07 20:33 - 2014-08-07 20:33 - 00012040 _____ () C:\Users\TEMP.Personnel\Downloads\hijackthis.log
2014-08-07 20:32 - 2014-08-07 20:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\TEMP.Personnel\Downloads\HiJackThis.exe
2014-08-07 20:29 - 2014-08-12 23:13 - 00000000 ____D () C:\Users\TEMP.Personnel\Desktop\Fix Tools
2014-08-06 04:34 - 2014-08-06 04:34 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\ZqWare
2014-08-06 04:08 - 2014-08-06 04:15 - 00000000 ____D () C:\Program Files (x86)\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-06 04:07 - 2014-08-06 04:07 - 01166613 _____ () C:\Users\TEMP.Personnel\Downloads\ultravpn-install.exe
2014-08-06 03:41 - 2014-08-06 03:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\TEMP.Personnel\Downloads\rkill.com
2014-08-06 03:29 - 2014-08-21 15:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 03:29 - 2014-08-06 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 03:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-06 03:28 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 03:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-06 03:23 - 2014-08-06 03:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\TEMP.Personnel\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 03:09 - 2014-08-06 03:10 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup (1).exe
2014-08-06 03:08 - 2014-08-06 03:08 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-08-06 03:07 - 2014-08-06 03:08 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup.exe
2014-07-30 15:43 - 2014-07-30 15:43 - 00028629 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]just.cause.multi2.pc.torrent
2014-07-29 10:55 - 2014-08-17 21:14 - 00002487 _____ () C:\Windows\setupact.log
2014-07-29 10:55 - 2014-07-29 10:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-28 22:49 - 2014-07-28 22:49 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 16:19 - 2014-08-24 23:40 - 01886171 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 04:04 - 2014-07-28 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 21:41 - 2014-07-27 23:12 - 839031107 ____R () C:\Users\TEMP.Personnel\Downloads\Hate.Story.2.2014.720p.DVDSCR.800MB.ShAaNiG.com.mkv
2014-07-26 01:48 - 2014-07-26 01:56 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\KICK (2014) [1CD] DVDSCR Rip Xvid Mp3 TeamTNT Exclusive
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 03:19 - 2014-08-25 03:18 - 00017012 _____ () C:\Users\TEMP.Personnel\Desktop\FRST.txt
2014-08-25 03:18 - 2014-08-08 16:28 - 00000000 ____D () C:\FRST
2014-08-25 03:15 - 2014-08-19 02:12 - 00000000 ____D () C:\Users\TEMP.Personnel\Desktop\FRST-OlderVersion
2014-08-25 03:15 - 2014-08-12 22:32 - 02103296 _____ (Farbar) C:\Users\TEMP.Personnel\Desktop\FRST64.exe
2014-08-25 03:11 - 2013-03-27 18:16 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 03:10 - 2014-02-13 21:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-25 03:00 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-25 02:51 - 2013-07-18 15:13 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\Skype
2014-08-24 23:40 - 2014-07-28 16:19 - 01886171 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 20:30 - 2014-02-05 14:45 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\glister
2014-08-24 20:20 - 2013-03-27 18:16 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 15:23 - 2012-07-26 12:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-24 02:07 - 2014-08-24 02:07 - 00000000 ____D () C:\cd
2014-08-23 19:19 - 2014-02-13 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-23 15:28 - 2014-08-23 15:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-23 10:16 - 2013-07-18 14:30 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A7143298-5460-4070-8BD2-DB84241D0F0F}
2014-08-22 04:01 - 2014-08-22 04:01 - 00001985 _____ () C:\Users\TEMP.Personnel\Desktop\ESETscan.txt
2014-08-21 16:36 - 2013-03-17 01:33 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1781143609-4253824246-3402552693-1001
2014-08-21 15:59 - 2014-08-06 03:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 15:29 - 2014-08-20 03:14 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent
2014-08-21 03:41 - 2014-07-13 01:38 - 00423608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-21 03:41 - 2012-07-26 12:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 03:40 - 2014-08-12 22:47 - 00000976 _____ () C:\Windows\PFRO.log
2014-08-21 02:28 - 2013-08-08 18:48 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\vlc
2014-08-20 03:59 - 2014-08-20 03:59 - 00042615 _____ () C:\Users\TEMP.Personnel\Downloads\captain-america-the-winter-soldier_english-960032.zip
2014-08-20 03:22 - 2014-08-20 03:22 - 01938256 _____ (BitTorrent Inc.) C:\Users\TEMP.Personnel\Downloads\uTorrent.exe
2014-08-20 03:17 - 2014-08-20 03:17 - 00004040 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-20 03:17 - 2014-08-20 03:16 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-08-20 03:16 - 2014-08-20 03:16 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-08-20 03:15 - 2014-08-20 03:15 - 00000415 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-08-19 02:45 - 2014-08-19 02:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-19 02:43 - 2014-08-19 02:42 - 02347384 _____ (ESET) C:\Users\TEMP.Personnel\Downloads\esetsmartinstaller_enu.exe
2014-08-18 15:54 - 2014-08-18 15:54 - 00029477 _____ () C:\Users\TEMP.Personnel\Downloads\the-twilight-saga-5-breaking-dawn-part-2_english-887906.zip
2014-08-18 15:31 - 2014-08-18 15:30 - 00033056 _____ () C:\Users\TEMP.Personnel\Downloads\the-twilight-saga-4-breaking-dawn-part-1_english-835968.zip
2014-08-17 21:24 - 2012-07-26 12:28 - 00942994 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 21:22 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-17 21:14 - 2014-07-29 10:55 - 00002487 _____ () C:\Windows\setupact.log
2014-08-17 21:02 - 2014-08-17 19:40 - 00000000 ___HD () C:\Users\TEMP.Personnel\Desktop\.picasaoriginals
2014-08-15 22:21 - 2014-08-15 22:04 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Singham Returns (2014) DvDScr Rip - XviD - [1CD] - Team IcTv Exclusive
2014-08-15 03:37 - 2014-07-11 06:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 03:37 - 2012-07-26 13:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-15 03:36 - 2013-10-28 21:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 03:35 - 2013-07-26 20:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:28 - 2013-03-30 01:49 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 23:30 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-14 19:48 - 2014-08-14 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 19:48 - 2013-11-27 13:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 19:47 - 2014-08-14 19:48 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 19:47 - 2014-08-14 19:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 19:47 - 2014-08-14 19:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 19:47 - 2014-08-14 19:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 19:47 - 2013-08-10 23:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-14 18:15 - 2014-02-19 19:13 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-14 01:44 - 2014-03-31 19:16 - 00000654 ____H () C:\Users\TEMP.Personnel\Downloads\.picasa.ini
2014-08-12 23:42 - 2014-02-28 00:03 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 23:41 - 2013-03-27 22:18 - 00000000 ____D () C:\ProgramData\Skype
2014-08-12 23:13 - 2014-08-07 20:29 - 00000000 ____D () C:\Users\TEMP.Personnel\Desktop\Fix Tools
2014-08-12 22:55 - 2014-08-12 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 22:53 - 2014-08-12 22:53 - 01016261 _____ (Thisisu) C:\Users\TEMP.Personnel\Desktop\JRT.exe
2014-08-12 22:47 - 2012-07-26 10:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-08-12 22:46 - 2014-08-11 23:04 - 00000000 ____D () C:\AdwCleaner
2014-08-11 23:03 - 2014-08-11 22:59 - 01366203 _____ () C:\Users\TEMP.Personnel\Downloads\AdwCleaner.exe
2014-08-10 02:35 - 2013-07-18 14:26 - 00000000 ____D () C:\Users\TEMP.Personnel
2014-08-08 09:14 - 2013-03-17 01:23 - 00000000 ____D () C:\Users\PersonnelPC
2014-08-08 09:13 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\registration
2014-08-07 23:07 - 2014-08-07 23:07 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Just Cause [Multi2][PC]
2014-08-07 20:54 - 2013-08-17 01:34 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-08-07 20:54 - 2013-08-17 01:34 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-08-07 20:33 - 2014-08-07 20:33 - 00012040 _____ () C:\Users\TEMP.Personnel\Downloads\hijackthis.log
2014-08-07 20:33 - 2013-07-18 14:30 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Local\VirtualStore
2014-08-07 20:32 - 2014-08-07 20:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\TEMP.Personnel\Downloads\HiJackThis.exe
2014-08-07 18:02 - 2014-06-06 16:20 - 00000000 ___HD () C:\Users\TEMP.Personnel\Downloads\.picasaoriginals
2014-08-07 11:33 - 2014-08-15 02:08 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 08:09 - 2014-08-15 02:08 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 04:34 - 2014-08-06 04:34 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\ZqWare
2014-08-06 04:15 - 2014-08-06 04:08 - 00000000 ____D () C:\Program Files (x86)\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-06 04:07 - 2014-08-06 04:07 - 01166613 _____ () C:\Users\TEMP.Personnel\Downloads\ultravpn-install.exe
2014-08-06 03:42 - 2014-08-06 03:41 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\TEMP.Personnel\Downloads\rkill.com
2014-08-06 03:29 - 2014-08-06 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 03:27 - 2014-08-06 03:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\TEMP.Personnel\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 03:27 - 2013-04-23 18:23 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-06 03:27 - 2013-04-23 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-06 03:10 - 2014-08-06 03:09 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup (1).exe
2014-08-06 03:08 - 2014-08-06 03:08 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-08-06 03:08 - 2014-08-06 03:07 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup.exe
2014-08-06 03:08 - 2013-01-29 17:03 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-08-02 05:15 - 2014-07-11 06:20 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 05:15 - 2014-07-11 06:20 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-30 15:43 - 2014-07-30 15:43 - 00028629 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]just.cause.multi2.pc.torrent
2014-07-29 10:55 - 2014-07-29 10:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-28 22:49 - 2014-07-28 22:49 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 04:04 - 2014-07-28 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 01:36 - 2014-03-24 16:41 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Updated CV with address
2014-07-27 23:12 - 2014-07-27 21:41 - 839031107 ____R () C:\Users\TEMP.Personnel\Downloads\Hate.Story.2.2014.720p.DVDSCR.800MB.ShAaNiG.com.mkv
2014-07-27 01:37 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\rescache
2014-07-26 01:56 - 2014-07-26 01:48 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\KICK (2014) [1CD] DVDSCR Rip Xvid Mp3 TeamTNT Exclusive
 
Some content of TEMP:
====================
C:\Users\PersonnelPC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\CloudBackup8030.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\Quarantine.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\SRLDetectionLibrary3613883571079857827.dll
C:\Users\TEMP.Personnel\AppData\Local\Temp\Uninstall.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\vcredist_x64.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\vlc-2.1.5-win64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-21 03:28
 
==================== End Of Log ============================
 
Regards,
galaxy

    Advertisements

Register to Remove


#17 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 25 August 2014 - 01:20 AM

Hi galaxy,

Your log appears to be clean. :thumbup:  If you have no questions we can move onto the clean up phase and get you on your way.

We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = = = = = = = = = = = =

bullseye_zpse9eaf36e.gif Remove Disinfection Tools

  • Download Delfix
  • Tick the following boxes:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    Delfix_zpsbce6c60b.gif
  • Click Run
  • Any other tools and files found can simply be deleted or uninstall via the Control Panel.

= = = = = = = = = = = = = = = = = = = =

bullseye_zpse9eaf36e.gif Update Internet Explorer:


=========================


With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate windows and frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

to help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent install this program to lock down and prevent crypto-ransomeware

CryptoPrevent_zps7ddc3ebd.jpg

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop

= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.

  • Windows XP:
    Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
    If you are running Windows XP, please take the time to read the information provided at these links.
  • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
  • Window 8 Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#18 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 27 August 2014 - 11:34 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users