Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by User (administrator) on USER-HP on 13-08-2014 14:33:52
Running from D:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(Mitchell Repair Information Company, LLC) C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.ABS.exe
(Mitchell Repair Information Company, LLC) C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.BCS.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-911742087-331405595-771432083-1000\...\MountPoints2: D - D:\SISetup.exe
HKU\S-1-5-21-911742087-331405595-771432083-1000\...\MountPoints2: {41c29cd4-5091-11e3-ba41-806e6f6e6963} - D:\SISetup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/19
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM - {1DAA62A3-2B7E-4108-9DB2-BC6DE6128A4D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM-x32 - {1DAA62A3-2B7E-4108-9DB2-BC6DE6128A4D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {88ACA4E9-9A24-4C0E-AB18-402DDA986D92} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKCU - {1DAA62A3-2B7E-4108-9DB2-BC6DE6128A4D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {43D73E40-2C40-454F-AF93-EC7B93DEF220} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn [2013-08-12]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn [2013-08-12]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\Extensions\Chrome.crx [2013-06-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Mitchell1DataProtectionABS; C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.ABS.exe [43464 2013-02-14] (Mitchell Repair Information Company, LLC)
R2 Mitchell1DataProtectionBCS; C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.BCS.exe [78792 2013-02-14] (Mitchell Repair Information Company, LLC)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [138760 2011-05-24] (Symantec Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1135136 2012-10-15] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [1143416 2011-05-13] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [165512 2011-05-23] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2014-08-08] (GFI Software)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSVia64.sys [488056 2011-05-13] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120326.002\ENG64.SYS [117880 2012-03-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120326.002\EX64.SYS [2048632 2012-03-26] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSP64.SYS [721528 2011-05-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSPX64.SYS [37496 2011-05-20] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1300000.080\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1300000.080\SYMEFA64.SYS [1083512 2011-05-16] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS [189560 2011-05-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS [396408 2011-05-09] (Symantec Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-13 16:52 - 2014-08-13 16:52 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
2014-08-13 14:07 - 2014-08-13 14:33 - 00000000 ____D () C:\FRST
2014-08-13 14:05 - 2014-08-13 14:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lavasoft
2014-08-13 13:51 - 2014-08-13 13:51 - 00000000 __SHD () C:\found.001
2014-08-12 19:00 - 2014-08-12 19:02 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-12 14:44 - 2014-08-12 14:44 - 00000000 ____D () C:\$Anvi Rescue Disk$
2014-08-12 14:27 - 2014-08-12 14:27 - 00000000 ____D () C:\AdwCleaner
2014-08-12 14:26 - 2014-08-12 14:26 - 00000861 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-12 13:41 - 2014-08-12 14:32 - 00000000 ____D () C:\32788R22FWJFW
2014-08-12 13:41 - 2014-05-05 13:12 - 05199940 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-08-12 13:11 - 2014-08-12 13:11 - 00006736 ____N () C:\bootsqm.dat
2014-08-12 13:10 - 2014-08-12 13:10 - 00000000 __SHD () C:\found.000
2014-08-12 12:54 - 2014-08-12 12:54 - 00000000 ____D () C:\Users\User\Desktop\rkill
2014-08-08 11:33 - 2013-07-29 13:31 - 05616264 _____ (Lavasoft Limited) C:\2.exe
2014-08-08 10:06 - 2014-08-13 14:14 - 00002307 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-08 10:06 - 2014-08-08 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-08-08 10:05 - 2014-08-08 11:35 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-08-08 10:05 - 2014-08-08 11:35 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2014-08-08 10:05 - 2014-08-08 10:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-08 10:05 - 2014-08-08 10:05 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-08 10:05 - 2014-08-08 10:05 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-07 09:09 - 2014-08-08 11:43 - 00000000 ____D () C:\Users\MiTGuy\AppData\Local\CrashDumps
2014-08-07 09:08 - 2014-08-07 09:08 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E98F5047-E0D3-4CF4-886F-1F58DF331294}
2014-08-07 09:08 - 2014-08-07 09:08 - 00001411 _____ () C:\Users\MiTGuy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-07 09:08 - 2014-08-07 09:08 - 00000000 ____D () C:\Users\MiTGuy\AppData\Roaming\Adobe
2014-08-07 08:56 - 2014-08-07 08:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-07 07:22 - 2014-08-12 08:52 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-08-06 11:52 - 2014-08-13 12:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 11:52 - 2014-08-08 09:41 - 00001032 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 11:52 - 2014-08-08 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 11:52 - 2014-08-08 09:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 11:52 - 2014-08-06 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 11:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-06 11:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 11:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-06 11:47 - 2014-08-07 09:06 - 00000000 ____D () C:\Users\MiTGuy
2014-08-06 11:47 - 2014-08-06 11:47 - 00000020 ___SH () C:\Users\MiTGuy\ntuser.ini
2014-08-06 11:47 - 2013-06-19 14:27 - 00002315 _____ () C:\Users\MiTGuy\Desktop\MSN.lnk
2014-08-06 11:47 - 2013-06-19 14:16 - 00000000 ___HD () C:\Users\MiTGuy\Documents\hp.system.package.metadata
2014-08-06 11:47 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\MiTGuy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-06 11:47 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\MiTGuy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-06 11:15 - 2014-08-13 14:05 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-06 11:14 - 2014-08-12 13:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-06 11:12 - 2014-08-06 11:41 - 00000000 ____D () C:\Users\Administrator
2014-08-06 11:12 - 2014-08-06 11:12 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-08-06 11:12 - 2013-06-19 14:27 - 00002315 _____ () C:\Users\Administrator\Desktop\MSN.lnk
2014-08-06 11:12 - 2013-06-19 14:16 - 00000000 ___HD () C:\Users\Administrator\Documents\hp.system.package.metadata
2014-08-06 11:12 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-06 11:12 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-06 11:00 - 2014-08-06 11:20 - 11188736 _____ (SurfRight B.V.) C:\hitmanpro_x64.exe
2014-08-06 10:10 - 2014-08-06 10:10 - 17292760 _____ (Malwarebytes Corporation ) C:\1.exe.exe
2014-08-06 09:49 - 2014-08-06 09:49 - 00000000 ____D () C:\Windows\pss
2014-08-05 14:40 - 2014-08-05 15:20 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-08-01 21:06 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 21:06 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 21:06 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 21:06 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 21:05 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 21:05 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 21:05 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 21:05 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 21:05 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 21:05 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 21:05 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 21:05 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 21:05 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 21:05 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 14:37 - 2014-07-31 14:38 - 00001264 _____ () C:\Windows\SKSM20.ini
2014-07-31 14:37 - 2014-07-31 14:37 - 00001543 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Shopkey Management 32 Program.lnk
2014-07-31 14:37 - 2014-07-31 14:37 - 00001537 _____ () C:\Users\Public\Desktop\Shopkey Management 32 Program.lnk
2014-07-31 14:35 - 2013-01-22 15:14 - 00300659 _____ (Mitchell1 ) C:\Users\User\Desktop\SKMID3.exe
2014-07-31 14:14 - 2014-07-31 14:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 16:52 - 2014-08-13 16:52 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
2014-08-13 14:33 - 2014-08-13 14:07 - 00000000 ____D () C:\FRST
2014-08-13 14:21 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 14:21 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 14:18 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 14:17 - 2013-08-12 06:44 - 01833714 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 14:14 - 2014-08-08 10:06 - 00002307 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-13 14:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 14:14 - 2009-07-14 00:51 - 00038425 _____ () C:\Windows\setupact.log
2014-08-13 14:05 - 2014-08-13 14:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lavasoft
2014-08-13 14:05 - 2014-08-06 11:15 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-13 14:04 - 2014-01-29 11:06 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-08-13 13:51 - 2014-08-13 13:51 - 00000000 __SHD () C:\found.001
2014-08-13 12:55 - 2014-08-06 11:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 12:55 - 2013-06-19 14:27 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-13 12:54 - 2010-11-20 23:47 - 00152440 _____ () C:\Windows\PFRO.log
2014-08-12 19:02 - 2014-08-12 19:00 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-12 14:44 - 2014-08-12 14:44 - 00000000 ____D () C:\$Anvi Rescue Disk$
2014-08-12 14:32 - 2014-08-12 13:41 - 00000000 ____D () C:\32788R22FWJFW
2014-08-12 14:27 - 2014-08-12 14:27 - 00000000 ____D () C:\AdwCleaner
2014-08-12 14:26 - 2014-08-12 14:26 - 00000861 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-12 13:36 - 2014-08-06 11:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-12 13:11 - 2014-08-12 13:11 - 00006736 ____N () C:\bootsqm.dat
2014-08-12 13:10 - 2014-08-12 13:10 - 00000000 __SHD () C:\found.000
2014-08-12 12:54 - 2014-08-12 12:54 - 00000000 ____D () C:\Users\User\Desktop\rkill
2014-08-12 12:36 - 2013-06-19 14:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 11:55 - 2013-11-20 11:15 - 00000000 ____D () C:\Users\AAx-DPR-SrvAcct
2014-08-12 09:16 - 2013-08-12 08:57 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA5A839B-C9CA-42E4-A268-F2786513429F}
2014-08-12 08:52 - 2014-08-07 07:22 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-08-08 11:43 - 2014-08-07 09:09 - 00000000 ____D () C:\Users\MiTGuy\AppData\Local\CrashDumps
2014-08-08 11:35 - 2014-08-08 10:05 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-08-08 11:35 - 2014-08-08 10:05 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2014-08-08 11:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-08 10:06 - 2014-08-08 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-08-08 10:05 - 2014-08-08 10:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-08 10:05 - 2014-08-08 10:05 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-08 10:05 - 2014-08-08 10:05 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-08 09:41 - 2014-08-06 11:52 - 00001032 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-08 09:41 - 2014-08-06 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-08 09:41 - 2014-08-06 11:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-07 09:09 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-07 09:08 - 2014-08-07 09:08 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E98F5047-E0D3-4CF4-886F-1F58DF331294}
2014-08-07 09:08 - 2014-08-07 09:08 - 00001411 _____ () C:\Users\MiTGuy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-07 09:08 - 2014-08-07 09:08 - 00000000 ____D () C:\Users\MiTGuy\AppData\Roaming\Adobe
2014-08-07 09:06 - 2014-08-06 11:47 - 00000000 ____D () C:\Users\MiTGuy
2014-08-07 08:56 - 2014-08-07 08:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-06 11:52 - 2014-08-06 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 11:47 - 2014-08-06 11:47 - 00000020 ___SH () C:\Users\MiTGuy\ntuser.ini
2014-08-06 11:41 - 2014-08-06 11:12 - 00000000 ____D () C:\Users\Administrator
2014-08-06 11:20 - 2014-08-06 11:00 - 11188736 _____ (SurfRight B.V.) C:\hitmanpro_x64.exe
2014-08-06 11:12 - 2014-08-06 11:12 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-08-06 10:10 - 2014-08-06 10:10 - 17292760 _____ (Malwarebytes Corporation ) C:\1.exe.exe
2014-08-06 09:49 - 2014-08-06 09:49 - 00000000 ____D () C:\Windows\pss
2014-08-05 15:20 - 2014-08-05 14:40 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-07-31 14:39 - 2013-11-20 11:28 - 00000220 _____ () C:\Windows\picklist.ini
2014-07-31 14:38 - 2014-07-31 14:37 - 00001264 _____ () C:\Windows\SKSM20.ini
2014-07-31 14:37 - 2014-07-31 14:37 - 00001543 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Shopkey Management 32 Program.lnk
2014-07-31 14:37 - 2014-07-31 14:37 - 00001537 _____ () C:\Users\Public\Desktop\Shopkey Management 32 Program.lnk
2014-07-31 14:37 - 2013-11-20 11:21 - 00000092 _____ () C:\Windows\crw.ini
2014-07-31 14:37 - 2013-11-20 11:21 - 00000089 _____ () C:\Windows\mrid32
2014-07-31 14:37 - 2013-11-20 11:11 - 00000350 _____ () C:\Windows\CAS.INI
2014-07-31 14:37 - 2013-08-12 09:51 - 00000516 _____ () C:\Windows\MIREPAIR.INI
2014-07-31 14:37 - 2013-08-12 09:51 - 00000209 _____ () C:\Windows\ODBCINST.INI
2014-07-31 14:37 - 2013-08-12 09:17 - 00001018 _____ () C:\Windows\ODBC.INI
2014-07-31 14:31 - 2013-08-12 09:51 - 00001667 _____ () C:\Windows\SKSM20Demo.ini
2014-07-31 14:14 - 2014-07-31 14:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\HitmanPro.exe
C:\Users\Administrator\AppData\Local\Temp\Kickstarter.exe
C:\Users\User\AppData\Local\Temp\ComboFix.exe
C:\Users\User\AppData\Local\Temp\HitmanPro.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-08 10:24

==================== End Of Log ============================