Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Potential Keylogger - Facebook hacked [Solved]

Started by tylenol_island , Mar 19 2014 01:29 PM

  • This topic is locked This topic is locked

#1
tylenol_island
Posted 19 March 2014 - 01:29 PM

tylenol_island

    Member

  • Member
  • PipPip
  • 38 posts
Hello,

Today I attempted to access my Facebook account, and Facebook notified me that it had locked my account due to a login from an unusual location (in another country). I'm especially concerned because a couple days back, I inadvertently clicked on a link which led me to a site called "Celeb Jihad" - it seems to be a very inappropriate site, and a web search I did indicated the site does have malware. I'm usually very careful with passwords, etc., so I'm led to believe that I have a keylogger. I keep my software updated using FileHippo, but I know there was a recent update to Java that I may have missed, so perhaps there's an exploit there... not sure, that's all speculation.

I've updated both MBAM and my antivirus, Avast! (free), and run a full scan using both programs - nothing was detected. Can one of you kind folks please have a look at my log and lend me a hand?

Thank you very much!
Tylenol

OTL logfile created on: 3/19/2014 2:03:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nougat\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 26.63% Memory free
8.20 Gb Paging File | 5.21 Gb Available in Paging File | 63.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.72 Gb Total Space | 176.91 Gb Free Space | 38.15% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.00 Gb Free Space | 50.18% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: NOUGAT-PC | User Name: Nougat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/19 14:03:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nougat\Downloads\OTL.exe
PRC - [2014/03/14 20:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/05 11:36:00 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/05 11:35:59 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/17 21:06:00 | 000,442,712 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2013/10/31 14:47:38 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/10/31 14:47:28 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/10/31 14:47:20 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2012/09/23 08:08:44 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/09/20 08:27:44 | 000,444,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
PRC - [2011/08/11 13:28:10 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/08/11 13:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2011/07/19 19:59:04 | 000,964,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2010/01/15 10:48:46 | 000,238,080 | ---- | M] () -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
PRC - [2008/10/29 18:40:12 | 000,008,192 | ---- | M] (Alienware) -- C:\Program Files\Alienware\AlienFX\AlienFXHook32Mngr.exe
PRC - [2008/10/29 18:40:08 | 000,079,872 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe
PRC - [2008/10/02 19:26:56 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2008/10/02 19:26:36 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2008/09/24 05:40:02 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2008/09/24 05:39:56 | 000,118,784 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2008/09/04 05:14:44 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\BeepApp.exe
PRC - [2008/08/06 21:00:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0415Mon.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/14 20:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014/03/14 20:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 20:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 20:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 20:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/02/26 04:36:27 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/26 04:35:52 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/26 04:35:49 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/26 04:35:49 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/02/26 04:10:49 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/26 04:10:34 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/26 04:10:27 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/26 04:10:18 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/26 04:10:10 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/26 04:10:09 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/26 04:10:08 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/26 04:10:07 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/26 04:10:06 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/26 04:09:59 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/26 04:09:59 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/26 04:09:52 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/26 04:09:51 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 04:09:45 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/26 04:09:44 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 04:09:36 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/12 04:56:07 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll
MOD - [2014/02/12 04:55:45 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/12 04:47:43 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/12 04:47:31 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:47:24 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/12 04:47:14 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\5ee93fdf928109a9dc70ad2c96bb0a92\System.Data.ni.dll
MOD - [2014/02/12 04:47:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\71e362b114f878201540696b6d66bf45\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 04:47:04 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b46f1c203d1e4bec4597adf684ec1d41\PresentationFramework.ni.dll
MOD - [2014/02/12 04:46:49 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll
MOD - [2014/02/12 04:46:37 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll
MOD - [2014/02/12 04:46:33 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/12 04:46:26 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/10/16 08:05:19 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2009/03/30 00:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/10/28 18:43:12 | 000,019,968 | ---- | M] () -- C:\Program Files\Alienware\AlienFX\Alienlabs.CommandCenter.Tools.dll
MOD - [2008/10/28 17:16:14 | 000,059,392 | ---- | M] () -- C:\Program Files\Alienware\AlienFX\AlienLabsTools.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/05 11:35:59 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/11/16 16:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/11/16 16:27:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/01/15 10:48:46 | 000,238,080 | ---- | M] () [Auto | Running] -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe -- (Killer Port Manager)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/15 04:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/11 17:25:27 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/27 15:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/09/23 08:08:44 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/02 19:26:36 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/05 11:36:08 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/05 11:36:08 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/02/05 11:36:08 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2014/02/05 11:36:07 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/02/05 11:36:07 | 000,064,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2013/12/23 17:14:34 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/11/15 02:37:32 | 000,039,080 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rzp1endpt.sys -- (rzp1endpt)
DRV:64bit: - [2013/11/15 02:37:28 | 000,033,448 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2013/11/15 02:37:26 | 000,030,888 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rzvmouse.sys -- (rzvmouse)
DRV:64bit: - [2013/11/15 02:37:24 | 000,030,888 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2013/11/15 02:37:24 | 000,014,504 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rzmouhid.sys -- (rzmouhid)
DRV:64bit: - [2013/11/15 02:37:22 | 000,014,504 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rzkbdhid.sys -- (rzkbdhid)
DRV:64bit: - [2013/11/15 02:37:14 | 000,149,160 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/10/16 08:05:24 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/11/16 15:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/11 00:20:26 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/05/06 05:21:40 | 000,122,384 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/15 10:37:06 | 000,127,008 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nv834x64.sys -- (Nv834x64)
DRV:64bit: - [2010/01/15 10:37:06 | 000,026,656 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NvEdge64.sys -- (NvEdge64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/03 21:01:00 | 000,336,448 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\V0415Vid.sys -- (V0415Vid)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/11/18 04:20:12 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/09/03 10:41:16 | 000,015,360 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\elrawdsk.sys -- (ElRawDisk)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2008/01/18 00:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/08/02 17:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2007/06/29 15:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV - [2008/06/26 23:10:38 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.c...insDate02292012
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.0.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.0.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Nougat\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/05 11:36:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/16 02:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/18 13:15:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2009/04/14 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nougat\AppData\Roaming\Mozilla\Extensions
[2014/03/06 07:34:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default\extensions
[2010/04/29 07:17:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/02/22 15:11:37 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2013/12/01 19:39:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/03/06 07:34:50 | 001,393,079 | ---- | M] () (No name found) -- C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default\extensions\[email protected]
[2014/03/06 07:34:52 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/16 02:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/03/19 10:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/19 10:49:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/05 11:36:10 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/08/11 13:18:12 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/08/11 00:16:34 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/08/11 13:18:30 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/08/11 13:18:08 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/08/11 13:19:38 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/08/11 00:16:34 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/02/29 19:22:58 | 000,001,692 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\comcast.xml
[2011/10/15 19:31:05 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Nougat\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/03/19 10:05:27 | 000,000,054 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.254.2 mykillernic
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627034902.dll File not found
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627034902.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Live! Central 2] C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [V0415Mon.exe] C:\Windows\V0415Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Nougat\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [TSMApplication] C:\Users\Public\Games\World of Warcraft\TSM\TSMApplication.exe ()
O4 - Startup: C:\Users\Nougat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26D42C3F-DC26-48CB-B95E-05FE70123474}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA2B342E-4F87-44EA-B31B-EDF058C5AD28}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nougat\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nougat\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/19 10:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/04 21:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/04 21:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/04 21:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/04 21:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/04 21:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/02/25 04:05:04 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2009/06/23 18:51:30 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Nougat\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/19 14:00:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/19 14:00:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/19 13:42:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/19 13:41:59 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/03/19 13:25:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/19 10:49:20 | 000,000,914 | ---- | M] () -- C:\Users\Nougat\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/19 10:49:20 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/19 10:17:00 | 000,000,680 | ---- | M] () -- C:\Users\Nougat\AppData\Local\d3d9caps.dat
[2014/03/19 10:16:55 | 000,000,160 | ---- | M] () -- C:\Users\Nougat\AppData\Local\Bandwidth.xml
[2014/03/19 10:16:53 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/19 10:11:10 | 000,761,630 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/19 10:11:10 | 000,642,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/19 10:11:10 | 000,119,932 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/19 10:04:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/18 17:41:59 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/03/16 18:52:11 | 000,001,696 | ---- | M] () -- C:\Users\Nougat\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2014/03/16 06:13:11 | 000,000,967 | ---- | M] () -- C:\Users\Nougat\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2014/03/16 06:13:11 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2014/03/16 00:24:25 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/12 03:25:11 | 001,951,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/04 21:50:57 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/02/26 04:04:09 | 000,752,894 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/16 18:52:11 | 000,001,696 | ---- | C] () -- C:\Users\Nougat\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2014/03/16 06:13:11 | 000,000,967 | ---- | C] () -- C:\Users\Nougat\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2014/03/04 21:50:57 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/01 23:15:34 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2013/01/11 02:51:53 | 000,752,894 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/24 18:46:29 | 000,001,514 | ---- | C] () -- C:\Users\Nougat\AppData\Local\removeexceptions
[2012/09/24 18:46:29 | 000,001,514 | ---- | C] () -- C:\Users\Nougat\AppData\Local\exceptions
[2012/09/24 18:17:14 | 000,000,160 | ---- | C] () -- C:\Users\Nougat\AppData\Local\Bandwidth.xml
[2012/09/24 17:58:41 | 000,002,651 | ---- | C] () -- C:\Users\Nougat\AppData\Local\KillerWallConfig.xml
[2012/09/24 17:49:52 | 000,000,002 | ---- | C] () -- C:\Users\Nougat\AppData\Local\menu.old
[2011/06/30 16:01:04 | 000,000,732 | ---- | C] () -- C:\Users\Nougat\AppData\Local\d3d9caps64.dat
[2010/01/10 03:32:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/02 00:45:34 | 000,000,680 | ---- | C] () -- C:\Users\Nougat\AppData\Local\d3d9caps.dat
[2009/08/25 04:17:38 | 000,005,120 | ---- | C] () -- C:\Users\Nougat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/14 18:00:11 | 000,000,586 | ---- | C] () -- C:\Users\Nougat\AppData\Local\menu.new
[2009/04/14 18:00:11 | 000,000,586 | ---- | C] () -- C:\Users\Nougat\AppData\Local\menu.bfm

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWow64\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2013/10/19 08:04:06 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\AVAST Software
[2012/09/23 15:11:31 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\BitTorrent
[2011/03/15 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/23 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\CrystalIdea Software
[2013/04/04 13:22:28 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\Curse Advertising
[2010/04/01 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\Facebook
[2009/11/24 08:35:02 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\Folding@home-gpu
[2012/02/15 13:05:52 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\ICAClient
[2009/04/14 19:02:56 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\iolo
[2011/06/24 20:58:48 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\Mumble
[2014/01/17 21:49:17 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\openvr
[2009/08/30 00:01:05 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\Stardock
[2013/08/24 22:34:12 | 000,000,000 | ---D | M] -- C:\Users\Nougat\AppData\Roaming\TradeSkillMaster

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:502D809E

< End of report >
  • 0

Advertisements

#2
Dakeyras
Posted 21 March 2014 - 03:07 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Virus, Spyware, Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

D Drive Query:

Regarding the below:-

Drive D: | 2.00 Gb Total Space | 1.00 Gb Free Space | 50.18% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Is this a actual partition on the main drive and or a USB drive ? If unsure not a problem and I can check if any further information is denoted about this in the RogueKiller log.

Download/run Rkill:

(If one fails to work delete it and download/try another):

One, Two,Three, Four or Five

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Post the log created, found on the desktop rkill.txt. in your next reply.
Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate downloads are here or here.

  • Quit all running programs.
  • Right-click on RogueKiller.exe and select Run as Administrator to start the application.
  • Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
  • Now click on the Scan tab back in the RogueKiller main window.
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com
  • Please post the contents of the RKreport.txt in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered ?
  • Answer to my D Drive Query(if able).
  • RKill Log.
  • RogueKiller Log.

  • 0

#3
tylenol_island
Posted 21 March 2014 - 12:23 PM

tylenol_island

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi Dakeyras,

Thanks very much for your assistance! I'll get right down to business:

1. Computer is performing fine. I haven't noticed any further symptoms or problems, but I haven't used it much because of the nature of my suspicions (keylogger).

2. I believe the D Drive is part of a promotion I received when I purchased the computer some years ago. I could be wrong, but I believe it is a virtual drive used meant to be used for file recovery. I've never consciously used it. I'm not aware of any additional hardware, and I have no thumb drive or other external storage attached.

3. RKill Log (it should be noted that I accidentally ran this again after running the RogueKiller scan, so I cut it short, but it still overrwrote the original log. So, what you see below is a log that was run AFTER RogueKiller):

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 03/21/2014 01:56:02 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\BeepApp.exe (PID: 5316) [WD-HEUR]
* C:\Users\Eddie\Desktop\RogueKiller.exe (PID: 1060) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* WMPNetworkSvc [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
192.168.254.2 mykillernic

Program finished at: 03/21/2014 01:56:17 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

4. RogueKiller Log:

RogueKiller V8.8.12 [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Eddie [Admin rights]
Mode : Scan -- Date : 03/21/2014 13:41:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Skytel (Skytel.exe [7]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (:0 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
192.168.254.2 mykillernic


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD50 00AAKS-75A7B2 SCSI Disk Device +++++
--- User ---
[MBR] d0e4ab3e556c9d2ca63b36e235090140
[BSP] e4f1a3792e18a93ded96ab613143948a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 2048 MB
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4276224 | Size: 474851 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_S_03212014_134153.txt >>
  • 0

#4
Dakeyras
Posted 21 March 2014 - 02:48 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thanks very much for your assistance!

You're welcome!

1. Computer is performing fine. I haven't noticed any further symptoms or problems, but I haven't used it much because of the nature of my suspicions (keylogger).

Acknowledged.

2. I believe the D Drive is part of a promotion I received when I purchased the computer some years ago. I could be wrong, but I believe it is a virtual drive used meant to be used for file recovery. I've never consciously used it. I'm not aware of any additional hardware, and I have no thumb drive or other external storage attached.

OK, it appears it is probably related to something pre-installed by the vendor Dell. Most likely the Dell Utility Partition for running system diagnostics etc.

3. RKill Log (it should be noted that I accidentally ran this again after running the RogueKiller scan, so I cut it short, but it still overrwrote the original log. So, what you see below is a log that was run AFTER RogueKiller):

Not a problem.

How to create a Secure Password:

When creating a new password use a series of both random upper/lower case letters and include some random alpha numeric's also.

A example would be: THi85S13IsA7Eg4u2tWMg4r <-- Do not use this one tylenol_island , merely a invented example for yourself.

This is a good test for the strength of any passwords created: Password Checker

Note: Do not reset anything until I give the all clear.

Submit a File for Analysis:

Please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:- 

http://www.geekstogo.com/forum/topic/337978-potential-keylogger-facebook-hacked-please-assist/
Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\Windows\SysWOW64\BeepApp.exe

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

Re-scan with RogueKiller:

Run the scan again as outlined prior and it will create a new log called RKreport[0].txt. I actually have no need to review this one...

Note: If RogueKiller open a browser window, it may have done so last time...merely close it.

After the scan is complete, deselect these items only(if present):-

[RUN][SUSP PATH] HKLM\[...]\Run : Skytel (Skytel.exe [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Do leave the following selected though:-

[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (:0 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

And then click on the Delete button. If you actually set the above proxy yourself skip the this step >> wait for the delete option to be processed and then click on the Fix Hosts button.

Post the relevant new logs created in your next reply for my review please.
  • 0

#5
tylenol_island
Posted 21 March 2014 - 04:23 PM

tylenol_island

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks again, Dakeyras.

I've submitted the requested file for analysis to your file submission channel. On re-scan from RogueKiller, please note that the item you instructed me to delete came up under the Proxy tab (I did de-select the registry values in the "Registry" tab as directed). When I selected the proxy and hit "Delete", RogueKiller informed me that it wasn't removed and instructed me to use the "Fix Proxy" button. I did so, and now the item is listed as "DELETED" in the RogueKiller window. FYI, I did not set this proxy myself. A follow-up scan in RogueKiller no longer showed the proxy in question.

Were the password instructions you provided just an FYI? I haven't changed any passwords on that machine yet, though I did change my Facebook password from another machine before posting here on GTG.

As no additional logs were requested, I haven't posted any. I will await further instruction.

Best regards,
  • 0

#6
Dakeyras
Posted 21 March 2014 - 06:57 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I've submitted the requested file for analysis to your file submission channel.

Thank you, all appears to be fine and no further action is required with regard to the file in question at this time.

On re-scan from RogueKiller, please note that the item you instructed me to delete came up under the Proxy tab (I did de-select the registry values in the "Registry" tab as directed). When I selected the proxy and hit "Delete", RogueKiller informed me that it wasn't removed and instructed me to use the "Fix Proxy" button. I did so, and now the item is listed as "DELETED" in the RogueKiller window. FYI, I did not set this proxy myself. A follow-up scan in RogueKiller no longer showed the proxy in question.


As no additional logs were requested, I haven't posted any. I will await further instruction.

OK that is fine with regards to all...

Were the password instructions you provided just an FYI?

Correct, lets proceed as follows shall we...

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to your Desktop.

  • Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

  • 0

#7
tylenol_island
Posted 21 March 2014 - 07:29 PM

tylenol_island

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.


Thanks again for the quick replies! I've included both logs below:

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Nougat at 2014-03-21 21:12:16
Running from C:\Users\Nougat\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AlienFX for XPS (HKLM-x32\...\InstallShield_{8A4C2871-D235-4379-96A5-EE228D7F251F}) (Version: - )
AlienFX for XPS (Version: 1.0.36.0 - Alienware Corp.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
AMD Fusion for Gaming 1.0 (HKLM-x32\...\{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}) (Version: 1.0.0 - AMD)
AMD OverDrive (HKLM-x32\...\{B41069C7-7E24-473F-B400-BF48B82D9948}) (Version: 2.1.5.0218 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2008.0917.337.4556 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.1104.959.17837 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2008.0917.337.4556 - ATI) Hidden
ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.0.0.56418 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Comcast Desktop Software (v1.2.1) (HKLM-x32\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
Comcast High-Speed Internet Install Wizard (HKLM-x32\...\ComcastHSI) (Version: - Comcast Cable Communications, LLC)
Complete Care Consumer Service Agreement (HKLM-x32\...\{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}) (Version: 2.0.0 - Dell Inc.)
Creative Live! Cam Video IM Ultra (VF0415) (1.01.03.00) (HKLM\...\Creative VF0415) (Version: - )
Creative Live! Central 2 (HKLM-x32\...\Creative Live! Central 2) (Version: 2.00.03 - Creative Technology Ltd)
Creative System Information (HKLM-x32\...\SysInfo) (Version: - )
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Video Chat (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6567) - SightSpeed Inc.)
Demigod Demo (x32 Version: 1.10 - Stardock Entertainment, Inc.) Hidden
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version: - Facebook, Inc.)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
Impulse (HKLM-x32\...\Impulse) (Version: 1.0 - Stardock)
Impulse (x32 Version: 1.0 - Stardock Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.00.132 - Oracle, Inc.) Hidden
Killer Driver (HKLM-x32\...\{7FC07A07-0345-4B08-BBFE-43885A58253C}) (Version: 2.00.0000 - Bigfoot Networks)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Basic 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (HKLM\...\{3C28BFD4-90C7-3138-87EF-418DC16E9598}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (HKLM\...\{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (HKLM-x32\...\{6C772996-BFF3-3C8C-860B-B3D48FF05D65}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (HKLM-x32\...\{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.1.2.444 - Electronic Arts, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QualXServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
RAIDXpert (HKLM-x32\...\{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1540.18 - AMD)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.16.6 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype web features (HKLM-x32\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.5.3.23260 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.19.44 - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_BASICR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.4.0 - Flagship Industries, Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.4.0.17371 - Blizzard Entertainment)
XPS Thermal Monitor (HKLM-x32\...\InstallShield_{C0B50C99-24B0-4728-A82E-8A69DCC31A7E}) (Version: - )
XPS Thermal Monitor (Version: 1.0.0.11 - Dell) Hidden

==================== Restore Points =========================

04-02-2014 06:52:22 Windows Update
05-02-2014 15:33:47 avast! antivirus system restore point
11-02-2014 06:50:23 Windows Update
12-02-2014 08:00:13 Windows Update
16-02-2014 08:00:11 Windows Update
21-02-2014 06:38:31 Windows Update
25-02-2014 06:38:29 Windows Update
25-02-2014 08:00:13 Windows Update
26-02-2014 08:00:11 Windows Update
04-03-2014 07:25:26 Windows Update
11-03-2014 06:14:30 Windows Update
12-03-2014 07:00:25 Windows Update
16-03-2014 03:43:33 Windows Update
19-03-2014 14:08:49 Windows Update
19-03-2014 14:42:43 Installed Java 8 (64-bit)

==================== Hosts content: ==========================

2006-11-02 08:34 - 2014-03-19 10:05 - 00000054 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
192.168.254.2 mykillernic


==================== Scheduled Tasks (whitelisted) =============

Task: {09A13DCB-02E5-4077-8559-0EF376CB1C15} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {40FE5F92-709F-475A-8606-144EECA7BFAD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-05] (AVAST Software)
Task: {435FB19F-BCB9-4BE1-887D-D0FF1E90E15D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {461EB649-4133-47E7-9BE3-777B2B6DC27A} - System32\Tasks\{165B0E41-C3A7-4593-92AC-2A1AB4155BDC} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {554C17BC-1CE4-43AA-AFB5-034C1F382CAE} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {563146AB-F988-4B35-BE1A-E7948EC88067} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {61A2D749-EAB1-4ECB-975C-CA1D00128D1D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {65BE7F11-3E9D-4B1B-BDC5-9C81F290F84F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9A231ECD-BE7E-4651-A016-97D2B79BFBF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FD899BF1-6790-4DCC-A11B-7DF5FBCF1BF6} - System32\Tasks\AdobeAAMUpdater-1.0-Nougat-PC-Nougat => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-10-02 19:26 - 2008-10-02 19:26 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2012-09-24 17:58 - 2010-01-15 10:48 - 00238080 _____ () C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
2012-11-16 15:37 - 2012-11-16 15:37 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2013-10-31 14:47 - 2013-10-31 14:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2012-11-16 16:27 - 2012-11-16 16:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-11-16 16:09 - 2012-11-16 16:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2008-09-04 05:14 - 2008-09-04 05:14 - 00049152 _____ () C:\Windows\SysWOW64\BeepApp.exe
2014-03-21 13:24 - 2014-03-21 06:44 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032100\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2008-10-28 17:16 - 2008-10-28 17:16 - 00059392 _____ () C:\Program Files\Alienware\AlienFX\AlienLabsTools.dll
2008-10-28 18:43 - 2008-10-28 18:43 - 00019968 _____ () C:\Program Files\Alienware\AlienFX\Alienlabs.CommandCenter.Tools.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-10-16 08:05 - 2013-10-16 08:05 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:502D809E

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell PC TuneUp Startup => "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
MSCONFIG\startupreg: Desktop Software => "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2014 08:33:57 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (03/21/2014 08:33:57 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (03/21/2014 08:33:57 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (03/21/2014 08:33:57 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (03/21/2014 08:33:57 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (03/21/2014 08:33:57 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (03/21/2014 08:33:57 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (03/21/2014 08:33:57 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (03/21/2014 08:33:57 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

Error: (03/21/2014 08:33:57 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15


System errors:
=============
Error: (03/19/2014 10:05:38 AM) (Source: Service Control Manager) (User: )
Description: Beep
ElRawDisk

Error: (03/19/2014 10:05:38 AM) (Source: Service Control Manager) (User: )
Description: cpuz134%%2

Error: (03/19/2014 10:04:42 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:19:35 PM on 3/18/2014 was unexpected.

Error: (03/15/2014 11:39:41 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (03/15/2014 11:31:23 PM) (Source: Service Control Manager) (User: )
Description: Beep
ElRawDisk

Error: (03/15/2014 11:31:23 PM) (Source: Service Control Manager) (User: )
Description: cpuz134%%2

Error: (03/12/2014 03:26:32 AM) (Source: Service Control Manager) (User: )
Description: Beep
ElRawDisk

Error: (03/12/2014 03:26:32 AM) (Source: Service Control Manager) (User: )
Description: cpuz134%%2

Error: (03/05/2014 00:45:51 AM) (Source: Service Control Manager) (User: )
Description: Beep
ElRawDisk

Error: (03/05/2014 00:45:51 AM) (Source: Service Control Manager) (User: )
Description: cpuz134%%2


Microsoft Office Sessions:
=========================
Error: (05/30/2013 07:43:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-03-19 13:41:45.764
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2014-03-19 13:41:44.939
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2014-03-19 13:41:44.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2014-03-19 13:41:43.277
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2014-03-19 13:41:42.451
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2014-03-19 13:41:41.621
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2014-03-19 13:41:11.651
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-19 13:41:10.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-19 13:41:09.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-19 13:41:09.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 4083.62 MB
Available physical RAM: 1671.57 MB
Total Pagefile: 8391.74 MB
Available Pagefile: 5765.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:463.72 GB) (Free:181.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:2 GB) (Free:1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D8000000)

Partition: GPT Partition Type.

==================== End Of Log ============================




FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nougat (administrator) on NOUGAT-PC on 21-03-2014 21:11:44
Running from C:\Users\Nougat\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
() C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Alienware Corporation) C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Bigfoot Networks, Inc.) C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
(Creative Technology Ltd.) C:\Windows\V0415Mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Alienware) C:\Program Files\Alienware\AlienFX\AlienFXHook32Mngr.exe
(Alienware) C:\Program Files\Alienware\AlienFX\AlienFXHook64Mngr.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\SysWOW64\BeepApp.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2008-11-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6430208 2008-11-17] (Realtek Semiconductor)
HKLM\...\Run: [AlienFX Controller] - C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe [79872 2008-10-29] (Alienware Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [V0415Mon.exe] - C:\Windows\V0415Mon.exe [28672 2008-08-06] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Live! Central 2] - C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe [422035 2009-08-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2013-11-17] (Razer Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-05] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [Google+ Auto Backup] - C:\Program Files (x86)\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\.DEFAULT\...\Run: [Google Update] - "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2750346781-2369543910-3570812595-1000\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2750346781-2369543910-3570812595-1000\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2750346781-2369543910-3570812595-1000\...\Run: [Akamai NetSession Interface] - "C:\Users\Nougat\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2750346781-2369543910-3570812595-1000\...\Run: [TSMApplication] - C:\Users\Public\Games\World of Warcraft\TSM\TSMApplication.exe [2656768 2013-11-15] ()
HKU\S-1-5-21-2750346781-2369543910-3570812595-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-2750346781-2369543910-3570812595-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
Startup: C:\Users\Nougat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.c...insDate02292012
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689 URL =
SearchScopes: HKCU - Comcast URL = http://search.xfinit...art_tech_search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627034902.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627034902.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default
FF Homepage: www.google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Nougat\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\comcast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-29]
FF Extension: FT DeepDark - C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-02-22]
FF Extension: WOT - C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: Ghostery - C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default\Extensions\[email protected] [2013-08-02]
FF Extension: Adblock Plus - C:\Users\Nougat\AppData\Roaming\Mozilla\Firefox\Profiles\bbo2yc23.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-23]
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2013-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-11]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Nougat\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-07]
CHR Extension: (Google Drive) - C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-07]
CHR Extension: (YouTube) - C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-07]
CHR Extension: (Google Search) - C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-07]
CHR Extension: (Google Wallet) - C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (Gmail) - C:\Users\Nougat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-07]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-05] (AVAST Software)
R2 Killer Port Manager; C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe [238080 2010-01-15] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-05] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-02-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-05] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-02-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-23] ()
S1 Beep; No ImagePath
S3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
S1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [15360 2008-09-03] (EldoS Corporation)
R3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-18] (Razer USA Ltd.)
R3 Nv834x64; C:\Windows\System32\DRIVERS\nv834x64.sys [127008 2010-01-15] (Bigfoot Networks, Inc.)
R3 NvEdge64; C:\Windows\System32\DRIVERS\NvEdge64.sys [26656 2010-01-15] (Bigfoot Networks, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2013-11-15] (Razer Inc)
R3 rzkbdhid; C:\Windows\System32\DRIVERS\rzkbdhid.sys [14504 2013-11-15] (Razer Inc)
R3 rzmouhid; C:\Windows\System32\DRIVERS\rzmouhid.sys [14504 2013-11-15] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39080 2013-11-15] (Razer Inc)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30888 2013-11-15] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [30888 2013-11-15] (Razer Inc)
S3 V0415Vid; C:\Windows\System32\DRIVERS\V0415Vid.sys [336448 2009-08-03] (Creative Technology Ltd.)
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [32240 2008-06-26] (Cyberlink Corp.)
S2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 1965AAFFAB07E3FB03C77F81BEBA3547
C:\Windows\system32\drivers\adp94xx.sys F14215E37CF124104575073F782111D2
C:\Windows\system32\drivers\adpahci.sys 7D05A75E3066861A6610F7EE04FF085C
C:\Windows\system32\drivers\adpu160m.sys 820A201FE08A0C345B3BEDBC30E1A77C
C:\Windows\system32\drivers\adpu320.sys 9B4AB6854559DC168FBB4C24FC52E794
C:\Windows\system32\drivers\afd.sys 2BA159E1F9FD75F6A496742B20F1D9CF
C:\Windows\system32\drivers\agp440.sys F6F6793B7F17B550ECFDBD3B229173F7
C:\Windows\System32\drivers\ahcix64s.sys 97DD49CCDB89A22CFCEA78B29D393D87
C:\Windows\system32\drivers\djsvs.sys 222CB641B4B8A1D1126F8033F9FD6A00
C:\Windows\system32\drivers\aliide.sys 9544C2C55541C0C6BFD7B489D0E7D430
C:\Windows\system32\drivers\amdide.sys 970FA5059E61E30D25307B99903E991E
C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\System32\DRIVERS\amdk8.sys CDC3632A3A5EA4DBB83E46076A3165A1
C:\Windows\System32\DRIVERS\atikmdag.sys 5B871F3E4A4A6C4693A413E3138B51D0
C:\Windows\System32\DRIVERS\atikmpag.sys 9BE1140CE8D2C5E878F136A7B85D41B3
C:\Windows\System32\DRIVERS\AmdLLD64.sys F5761675DA9D15D7AE0E40907A8F4404
C:\Windows\system32\drivers\arc.sys BA8417D4765F3988FF921F30F630E303
C:\Windows\system32\drivers\arcsas.sys 9D41C435619733B34CC16A511E644B11
C:\Windows\system32\drivers\aswMonFlt.sys 0ACC3F49015E628590CA4372322EB46B
C:\Windows\system32\drivers\aswRdr.sys 7915F41A733A351044CB08253C5E452F
C:\Windows\System32\Drivers\aswRvrt.sys C04F7B373881009D7994D9BF55D24AB4
C:\Windows\system32\drivers\aswSnx.sys 43599E630DFC30AD4E6A2B4B269EB1C0
C:\Windows\system32\drivers\aswSP.sys F22DE5F5BA8ADA0A861441B624B51EB5
C:\Windows\system32\drivers\aswTdi.sys A01226806C99EA9E79B876B0FEB46A52
C:\Windows\System32\Drivers\aswVmm.sys 90399625F341AB76BA4B85A5E860EB1F
C:\Windows\System32\DRIVERS\asyncmac.sys 22D13FF3DAFEC2A80634752B1EAA2DE6
C:\Windows\System32\drivers\atapi.sys E68D9B3A3905619732F7FE039466A623
C:\Windows\System32\drivers\AtihdLH6.sys 917692CDF8E1CE00D9752FA40615338B
C:\Windows\System32\drivers\AtiHdmi.sys 6831C91C74AFC9F1D88E1CCCABADA12B
C:\Windows\System32\DRIVERS\atikmdag.sys 5B871F3E4A4A6C4693A413E3138B51D0
C:\Windows\system32\drivers\blbdrive.sys 79FEEB40056683F8F61398D81DDA65D2
C:\Windows\System32\DRIVERS\bowser.sys 2348447A80920B2493A9B582A23E81E1
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys F0F0BA4D815BE446AA6A4583CA3BCA9B
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys E0777B34E05F8A82A21856EFC900C29F
C:\Windows\System32\DRIVERS\cdfs.sys B4D787DB8D30793A4D4DF9FEED18F136
C:\Windows\System32\DRIVERS\cdrom.sys C025AA69BE3D0D25C7A2E746EF6F94FC
C:\Windows\system32\drivers\circlass.sys 02EA568D498BBDD4BA55BF3FCE34D456
C:\Windows\System32\CLFS.sys 3DCA9A18B204939CFB24BEA53E31EB48
C:\Windows\system32\drivers\cmdide.sys E5D5499A1C50A54B5161296B6AFE6192
C:\Windows\system32\drivers\compbatt.sys 7FB8AD01DB0EABE60C8A861531A8F431
C:\Windows\System32\drivers\crcdisk.sys A8585B6412253803CE8EFCBD6D6DC15C
C:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ctxusbm.sys BF62FF663AE55E4ED99DE76881C2C0F1
C:\Windows\System32\drivers\dadder.sys 5BC67F1EFB6B1D039B151CF7353EC742
C:\Windows\System32\Drivers\dfsc.sys 8B722BA35205C71E7951CDC4CDBADE19
C:\Windows\System32\drivers\disk.sys B0107E40ECDB5FA692EBF832F295D905
C:\Windows\System32\drivers\drmkaud.sys F1A78A98CFC2EE02144C6BEC945447E6
C:\Windows\System32\drivers\dxgkrnl.sys 0A3C78677FF62E9E0AE7CC25C790A968
C:\Windows\System32\DRIVERS\e1e6032e.sys 17D40652EF3E55EEAE187A89DF40965A
C:\Windows\System32\DRIVERS\E1G6032E.sys 264CEE7B031A9D6C827F3D0CB031F2FE
C:\Windows\System32\drivers\ecache.sys 5F94962BE5A62DB6E447FF6470C4F48A
C:\Windows\system32\drivers\elrawdsk.sys AE7991C4F6502DF933C4882EA964188D
C:\Windows\system32\drivers\elxstor.sys C4636D6E10469404AB5308D9FD45ED07
C:\Windows\system32\drivers\errdev.sys BC3A58E938BB277E46BF4B3003B01ABD
C:\Windows\System32\Drivers\exfat.sys 486844F47B6636044A42454614ED4523
C:\Windows\System32\Drivers\fastfat.sys 1A4BEE34277784619DDAF0422C0C6E23
C:\Windows\System32\DRIVERS\fdc.sys 81B79B6DF71FA1D2C6D688D830616E39
C:\Windows\System32\drivers\fileinfo.sys 457B7D1D533E4BD62A99AED9C7BB4C59
C:\Windows\System32\drivers\filetrace.sys D421327FD6EFCCAF884A54C58E1B0D7F
C:\Windows\System32\DRIVERS\flpydisk.sys 230923EA2B80F79B0F88D90F87B87EBD
C:\Windows\System32\drivers\fltmgr.sys E3041BC26D6930D61F42AEDB79C91720
C:\Windows\System32\Drivers\Fs_Rec.sys 5779B86CD8B32519FBECB136394D946A
C:\Windows\system32\drivers\gagp30kx.sys C8E416668D3DC2BE3D4FE4C79224997F
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\drivers\HdAudio.sys 68E732382B32417FF61FD663259B4B09
C:\Windows\System32\DRIVERS\HDAudBus.sys F942C5820205F2FB453243EDFEC82A3D
C:\Windows\system32\drivers\hidbth.sys B4881C84A180E75B8C25DC1D726C375F
C:\Windows\system32\drivers\hidir.sys 4E77A77E2C986E8F88F996BB3E1AD829
C:\Windows\System32\DRIVERS\hidusb.sys 443BDD2D30BB4F00795C797E2CF99EDF
C:\Windows\system32\drivers\hpcisss.sys D7109A1E6BD2DFDBCBA72A6BC626A13B
C:\Windows\System32\drivers\HTTP.sys 098F1E4E5C9CB5B0063A959063631610
C:\Windows\system32\drivers\i2omp.sys DA94C854CEA5FAC549D4E1F6E88349E8
C:\Windows\System32\DRIVERS\i8042prt.sys CBB597659A2713CE0C9CC20C88C7591F
C:\Windows\system32\drivers\iastorv.sys 3E3BF3627D886736D0B4E90054F929F6
C:\Windows\system32\drivers\iirsp.sys 8C3951AD2FE886EF76C7B5027C3125D3
C:\Windows\System32\drivers\RTKVHD64.sys 46CB3ABE8150E7B181E86D4906DE17E8
C:\Windows\system32\drivers\intelide.sys DF797A12176F11B2D301C5B234BB200E
C:\Windows\System32\DRIVERS\intelppm.sys BFD84AF32FA1BAD6231C4585CB469630
C:\Windows\System32\DRIVERS\ipfltdrv.sys D8AABC341311E4780D6FCE8C73C0AD81
C:\Windows\system32\drivers\ipmidrv.sys 9C2EE2E6E5A7203BFAE15C299475EC67
C:\Windows\System32\DRIVERS\ipnat.sys B7E6212F581EA5F6AB0C3A6CEEEB89BE
C:\Windows\System32\drivers\irenum.sys 8C42CA155343A2F11D29FECA67FAA88D
C:\Windows\system32\drivers\isapnp.sys 0672BFCEDC6FC468A2B0500D81437F4F
C:\Windows\System32\DRIVERS\msiscsi.sys E4FDF99599F27EC25D2CF6D754243520
C:\Windows\system32\drivers\iteatapi.sys 63C766CDC609FF8206CB447A65ABBA4A
C:\Windows\system32\drivers\iteraid.sys 1281FE73B17664631D12F643CBEA3F59
C:\Windows\System32\DRIVERS\kbdclass.sys 423696F3BA6472DD17699209B933BC26
C:\Windows\System32\DRIVERS\kbdhid.sys DBDF75D51464FBC47D0104EC3D572C05
C:\Windows\System32\Drivers\ksecdd.sys 88956AD9FA510848AD176777A6C6C1F5
C:\Windows\system32\drivers\ksthunk.sys 1D419CF43DB29396ECD7113D129D94EB
C:\Windows\System32\DRIVERS\lltdio.sys 96ECE2659B6654C10A0C310AE3A6D02C
C:\Windows\system32\drivers\lsi_fc.sys ACBE1AF32D3123E330A07BFBC5EC4A9B
C:\Windows\system32\drivers\lsi_sas.sys 799FFB2FC4729FA46D2157C0065B3525
C:\Windows\system32\drivers\lsi_scsi.sys F445FF1DAAD8A226366BFAF42551226B
C:\Windows\system32\drivers\luafv.sys 52F87B9CC8932C2A7375C3B2A9BE5E3E
C:\Windows\System32\drivers\Lycosa.sys E5ECF40E5FD459141E5F6685FFD51804
C:\Windows\system32\drivers\megasas.sys 5C5CD6AACED32FB26C3FB34B3DCF972F
C:\Windows\system32\drivers\megasr.sys 859BC2436B076C77C159ED694ACFE8F8
C:\Windows\System32\drivers\modem.sys 59848D5CC74606F0EE7557983BB73C2E
C:\Windows\System32\DRIVERS\monitor.sys C247CC2A57E0A0C8C6DCCF7807B3E9E5
C:\Windows\System32\DRIVERS\mouclass.sys 9367304E5E412B120CF5F4EA14E4E4F1
C:\Windows\System32\DRIVERS\mouhid.sys C2C2BD5C5CE5AAF786DDD74B75D2AC69
C:\Windows\System32\drivers\mountmgr.sys 11BC9B1E8801B01F7F6ADB9EAD30019B
C:\Windows\system32\drivers\mpio.sys F8276EB8698142884498A528DFEA8478
C:\Windows\System32\drivers\mpsdrv.sys C92B9ABDB65A5991E00C28F13491DBA2
C:\Windows\system32\drivers\mraid35x.sys 3C200630A89EF2C0864D515B7A75802E
C:\Windows\system32\drivers\mrxdav.sys 7C1DE4AA96DC0C071611F9E7DE02A68D
C:\Windows\System32\DRIVERS\mrxsmb.sys 1485811B320FF8C7EDAD1CAEBB1C6C2B
C:\Windows\System32\DRIVERS\mrxsmb10.sys 3B929A60C833FC615FD97FBA82BC7632
C:\Windows\System32\DRIVERS\mrxsmb20.sys C64AB3E1F53B4F5B5BB6D796B2D7BEC3
C:\Windows\system32\drivers\msahci.sys 730B784962D22D2C6481EAE2370E7C8C
C:\Windows\system32\drivers\msdsm.sys 264BBB4AAF312A485F0E44B65A6B7202
C:\Windows\System32\Drivers\Msfs.sys 704F59BFC4512D2BB0146AEC31B10A7C
C:\Windows\System32\drivers\msisadrv.sys 00EBC952961664780D43DCA157E79B27
C:\Windows\System32\drivers\MSKSSRV.sys 0EA73E498F53B96D83DBFCA074AD4CF8
C:\Windows\System32\drivers\MSPCLOCK.sys 52E59B7E992A58E740AA63F57EDBAE8B
C:\Windows\System32\drivers\MSPQM.sys 49084A75BAE043AE02D5B44D02991BB2
C:\Windows\System32\Drivers\MsRPC.sys DC6CCF440CDEDE4293DB41C37A5060A5
C:\Windows\System32\DRIVERS\mssmbios.sys 855796E59DF77EA93AF46F20155BF55B
C:\Windows\System32\drivers\MSTEE.sys 86D632D75D05D5B7C7C043FA3564AE86
C:\Windows\System32\Drivers\mup.sys 0CC49F78D8ACA0877D885F149084E543
C:\Windows\System32\DRIVERS\nwifi.sys 2007B826C4ACD94AE32232B41F0842B9
C:\Windows\System32\drivers\ndis.sys 65950E07329FCEE8E6516B17C8D0ABB6
C:\Windows\System32\DRIVERS\ndistapi.sys 64DF698A425478E321981431AC171334
C:\Windows\System32\DRIVERS\ndisuio.sys 8BAA43196D7B5BB972C9A6B2BBF61A19
C:\Windows\System32\DRIVERS\ndiswan.sys F8158771905260982CE724076419EF19
C:\Windows\System32\Drivers\NDProxy.sys 9CB77ED7CB72850253E973A2D6AFDF49
C:\Windows\System32\DRIVERS\netbios.sys A499294F5029A7862ADC115BDA7371CE
C:\Windows\System32\DRIVERS\netbt.sys FC2C792EBDDC8E28DF939D6A92C83D61
C:\Windows\system32\drivers\nfrd960.sys 4AC08BD6AF2DF42E0C3196D826C8AEA7
C:\Windows\System32\Drivers\Npfs.sys B298874F8E0EA93F06EC40AA8D146478
C:\Windows\System32\drivers\nsiproxy.sys 1523AF19EE8B030BA682F7A53537EAEB
C:\Windows\System32\Drivers\Ntfs.sys 2ACCAA3C3C55370A32F17B3595E1A217
C:\Windows\System32\Drivers\Null.sys DD5D684975352B85B52E3FD5347C20CB
C:\Windows\System32\DRIVERS\nv834x64.sys FA79DF37EB2E347B30A103B3CA197796
C:\Windows\System32\DRIVERS\NvEdge64.sys EF5ED75EEE4852EFC87035A4C4FEC29E
C:\Windows\system32\drivers\nvraid.sys 2C040B7ADA5B06F6FACADAC8514AA034
C:\Windows\system32\drivers\nvstor.sys F7EA0FE82842D05EDA3EFDD376DBFDBA
C:\Windows\system32\drivers\nv_agp.sys 19067CA93075EF4823E3938A686F532F
C:\Windows\System32\DRIVERS\ohci1394.sys B5B1CE65AC15BBD11C0619E3EF7CFC28
C:\Windows\system32\drivers\parport.sys AECD57F94C887F58919F307C35498EA0
C:\Windows\System32\drivers\partmgr.sys B43751085E2ABE389DA466BC62A4B987
C:\Windows\System32\drivers\pci.sys 47AB1E0FC9D0E12BB53BA246E3A0906D
C:\Windows\System32\drivers\pciide.sys 2657F6C0B78C36D95034BE109336E382
C:\Windows\system32\drivers\pcmcia.sys 037661F3D7C507C9993B7010CEEE6288
C:\Windows\System32\drivers\peauth.sys 58865916F53592A61549B04941BFD80D
C:\Windows\System32\DRIVERS\raspptp.sys 23386E9952025F5F21C368971E2E7301
C:\Windows\system32\drivers\processr.sys 5080E59ECEE0BC923F14018803AA7A01
C:\Windows\System32\DRIVERS\pacer.sys C5AB7F0809392D0DA027F4A2A81BFA31
C:\Windows\System32\Drivers\PxHlpa64.sys 07D57B890DD5693A6AB660CBAE8F91B4
C:\Windows\system32\drivers\ql2300.sys 0B83F4E681062F3839BE2EC1D98FD94A
C:\Windows\system32\drivers\ql40xx.sys E1C80F8D4D1E39EF9595809C1369BF2A
C:\Windows\system32\drivers\qwavedrv.sys E8D76EDAB77EC9C634C27B8EAC33ADC5
C:\Windows\System32\DRIVERS\atikmdag.sys 5B871F3E4A4A6C4693A413E3138B51D0
C:\Windows\System32\DRIVERS\rasacd.sys 1013B3B663A56D3DDD784F581C1BD005
C:\Windows\System32\DRIVERS\rasl2tp.sys AC7BC4D42A7E558718DFDEC599BBFC2C
C:\Windows\System32\DRIVERS\raspppoe.sys 4517FBF8B42524AFE4EDE1DE102AAE3E
C:\Windows\System32\DRIVERS\rassstp.sys C6A593B51F34C33E5474539544072527
C:\Windows\System32\DRIVERS\rdbss.sys 322DB5C6B55E8D8EE8D6F358B2AAABB1
C:\Windows\System32\DRIVERS\RDPCDD.sys 603900CC05F6BE65CCBF373800AF3716
C:\Windows\system32\drivers\rdpdr.sys C045D1FB111C28DF0D1BE8D4BDA22C06
C:\Windows\System32\drivers\rdpencdd.sys CAB9421DAF3D97B33D0D055858E2C3AB
C:\Windows\System32\Drivers\RDPWD.sys AE4BD9E1C33D351D8E607FC81F15160C
C:\Windows\System32\DRIVERS\rspndr.sys 22A9CB08B1A6707C1550C6BF099AAE73
C:\Windows\System32\DRIVERS\Rtlh64.sys B263B3AEBCDE2210D1CC25756601B8EA
C:\Windows\System32\DRIVERS\rzdaendpt.sys D1AAC2E5DF223676CD9B777F56FBB3F3
C:\Windows\System32\DRIVERS\rzkbdhid.sys 6FE25FAB2BFBDFD9C7D3174AA9B4A8A4
C:\Windows\System32\DRIVERS\rzmouhid.sys 083CD4F4914BD4567119AC5EF78C71E5
C:\Windows\System32\DRIVERS\rzp1endpt.sys 4C50375EA97C6FB3988C228C2A0567C5
C:\Windows\System32\DRIVERS\rzudd.sys 2ABDAE282DBC2D2FB11144184517F850
C:\Windows\System32\DRIVERS\rzvkeyboard.sys B61649A2EDE44FA37D668EB4165FA40F
C:\Windows\System32\DRIVERS\rzvmouse.sys 08AAB23C190DFFA9AF15925C5C1B6348
C:\Windows\system32\drivers\sbp2port.sys CD9C693589C60AD59BBBCFB0E524E01B
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys F71BFE7AC6C52273B7C82CBF1BB2A222
C:\Windows\system32\drivers\serial.sys E62FAC91EE288DB29A9696A9D279929C
C:\Windows\system32\drivers\sermouse.sys A842F04833684BCEEA7336211BE478DF
C:\Windows\system32\drivers\sffdisk.sys 14D4B4465193A87C127933978E8C4106
C:\Windows\system32\drivers\sffp_mmc.sys 7073AEE3F82F3D598E3825962AA98AB2
C:\Windows\system32\drivers\sffp_sd.sys 35E59EBE4A01A0532ED67975161C7B82
C:\Windows\system32\drivers\sfloppy.sys 6B7838C94135768BD455CBDC23E39E5F
C:\Windows\system32\drivers\sisraid2.sys 7A5DE502AEB719D4594C6471060A78B3
C:\Windows\system32\drivers\sisraid4.sys 3A2F769FAB9582BC720E11EA1DFB184D
C:\Windows\System32\DRIVERS\smb.sys 290B6F6A0EC4FCDFC90F5CB6D7020473
C:\Windows\System32\Drivers\spldr.sys 386C3C63F00A7040C7EC5E384217E89D
C:\Windows\System32\DRIVERS\srv.sys 880A57FCCB571EBD063D4DD50E93E46D
C:\Windows\System32\DRIVERS\srv2.sys A1AD14A6D7A37891FFFECA35EBBB0730
C:\Windows\System32\DRIVERS\srvnet.sys 4BED62F4FA4D8300973F1151F4C4D8A7
C:\Windows\System32\DRIVERS\swenum.sys 8A851CA908B8B974F89C50D2E18D4F0C
C:\Windows\system32\drivers\symc8xx.sys 2F26A2C6FC96B29BEFF5D8ED74E6625B
C:\Windows\system32\drivers\sym_hi.sys A909667976D3BCCD1DF813FED517D837
C:\Windows\system32\drivers\sym_u3.sys 36887B56EC2D98B9C362F6AE4DE5B7B0
C:\Windows\System32\drivers\tcpip.sys C2CB949645C299E23FBFD26CAD3FC96E
C:\Windows\System32\DRIVERS\tcpip.sys C2CB949645C299E23FBFD26CAD3FC96E
C:\Windows\System32\drivers\tcpipreg.sys C7E72A4071EE0200E3C075DACFB2B334
C:\Windows\System32\drivers\tdpipe.sys 1D8BF4AAA5FB7A2761475781DC1195BC
C:\Windows\System32\drivers\tdtcp.sys 7F7E00CDF609DF657F4CDA02DD1C9BB1
C:\Windows\System32\DRIVERS\tdx.sys 458919C8C42E398DC4802178D5FFEE27
C:\Windows\System32\DRIVERS\termdd.sys 8C19678D22649EC002EF2282EAE92F98
C:\Windows\System32\DRIVERS\tssecsrv.sys B2388462329ACD17AF50D8701E0C1B18
C:\Windows\System32\DRIVERS\tunmp.sys 89EC74A9E602D16A75A4170511029B3C
C:\Windows\System32\DRIVERS\tunnel.sys 30A9B3F45AD081BFFC3BCAA9C812B609
C:\Windows\system32\drivers\uagp35.sys FEC266EF401966311744BD0F359F7F56
C:\Windows\System32\DRIVERS\udfs.sys FAF2640A2A76ED03D449E443194C4C34
C:\Windows\system32\drivers\uliagpkx.sys 4EC9447AC3AB462647F60E547208CA00
C:\Windows\system32\drivers\uliahci.sys 697F0446134CDC8F99E69306184FBBB4
C:\Windows\system32\drivers\ulsata.sys 31707F09846056651EA2C37858F5DDB0
C:\Windows\system32\drivers\ulsata2.sys 85E5E43ED5B48C8376281BAB519271B7
C:\Windows\System32\DRIVERS\umbus.sys 46E9A994C4FED537DD951F60B86AD3F4
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\drivers\usbaudio.sys A565B509000BD3E42A9B93B9FFD40D3D
C:\Windows\System32\DRIVERS\usbccgp.sys 74110424CA94EE0352D99614CF927683
C:\Windows\system32\drivers\usbcir.sys 9247F7E0B65852C1F6631480984D6ED2
C:\Windows\System32\DRIVERS\usbehci.sys F683D12010A905AAB7E9E3100F44269E
C:\Windows\System32\DRIVERS\usbhub.sys 558C0F1D3C5CECA5B5CF631FF8B71C02
C:\Windows\System32\DRIVERS\usbohci.sys AD4491128FA2A80A4865D6FF0E3EBAC9
C:\Windows\System32\DRIVERS\usbprint.sys 28B693B6D31E7B9332C1BDCEFEF228C1
C:\Windows\System32\DRIVERS\usbscan.sys C024814884CE9E6C2E6ED76A63AC3B9A
C:\Windows\System32\DRIVERS\USBSTOR.SYS B854C1558FCA0C269A38663E8B59B581
C:\Windows\System32\DRIVERS\usbuhci.sys B2872CBF9F47316ABD0E0C74A1ABA507
C:\Windows\System32\Drivers\usbvideo.sys FC33099877790D51B0927B7039059855
C:\Windows\System32\DRIVERS\V0415Vid.sys 48567D769BC51E422665B8CFC8A4918D
C:\Windows\System32\DRIVERS\vgapnp.sys 916B94BCF1E09873FFF2D5FB11767BBC
C:\Windows\System32\drivers\vga.sys B83AB16B51FEDA65DD81B8C59D114D63
C:\Windows\system32\drivers\viaide.sys 8294B6C3FDB6C33F24E150DE647ECDAA
C:\Windows\System32\drivers\volmgr.sys 2B7E885ED951519A12C450D24535DFCA
C:\Windows\System32\drivers\volmgrx.sys CEC5AC15277D75D9E5DEC2E1C6EAF877
C:\Windows\System32\drivers\volsnap.sys 582F710097B46140F5A89A19A6573D4B
C:\Windows\system32\drivers\vsmraid.sys A68F455ED2673835209318DD61BFBB0E
C:\Windows\system32\drivers\wacompen.sys FEF8FE5923FEAD2CEE4DFABFCE3393A7
C:\Windows\System32\DRIVERS\wanarp.sys B8E7049622300D20BA6D8BE0C47C0CFD
C:\Windows\System32\DRIVERS\wanarp.sys B8E7049622300D20BA6D8BE0C47C0CFD
C:\Windows\system32\drivers\wd.sys 0C17A0816F65B89E362E682AD5E7266E
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wmiacpi.sys E18AEBAAA5A773FE11AA2C70F65320F5
C:\Windows\System32\DRIVERS\wpdusb.sys 5E2401B3FC1089C90E081291357371A9
C:\Windows\system32\drivers\ws2ifsl.sys 8A900348370E359B6BFF6A550E4649E1
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl 177590B0D2F8BE513626BB8C8D6E6A08

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 21:11 - 2014-03-21 21:11 - 00042765 _____ () C:\Users\Nougat\Desktop\FRST.txt
2014-03-21 21:11 - 2014-03-21 21:11 - 00000000 ____D () C:\FRST
2014-03-21 21:09 - 2014-03-21 21:09 - 02157056 _____ (Farbar) C:\Users\Nougat\Desktop\FRST64.exe
2014-03-21 18:22 - 2014-03-21 18:22 - 00002504 _____ () C:\Users\Nougat\Desktop\RKreport[0]_S_03212014_182239.txt
2014-03-21 13:41 - 2014-03-21 13:41 - 00002467 _____ () C:\Users\Nougat\Desktop\RKreport[0]_S_03212014_134153.txt
2014-03-21 13:37 - 2014-03-21 20:33 - 00000000 ____D () C:\Users\Nougat\Desktop\RK_Quarantine
2014-03-21 13:36 - 2014-03-21 13:36 - 03943424 _____ () C:\Users\Nougat\Desktop\RogueKiller.exe
2014-03-21 13:36 - 2014-03-21 13:36 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Nougat\Desktop\rkill64.exe
2014-03-21 13:32 - 2014-03-21 13:56 - 00002450 _____ () C:\Users\Nougat\Desktop\Rkill.txt
2014-03-21 13:31 - 2014-03-21 13:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Nougat\Desktop\rkill.exe
2014-03-19 14:03 - 2014-03-19 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Nougat\Downloads\OTL.exe
2014-03-19 10:47 - 2014-03-19 10:47 - 25200168 _____ (Mozilla) C:\Users\Nougat\Downloads\Firefox Setup 28.0.exe
2014-03-19 10:45 - 2014-03-19 10:43 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-19 10:45 - 2014-03-19 10:43 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-19 10:45 - 2014-03-19 10:43 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-19 10:29 - 2014-03-19 10:30 - 34121112 _____ (Oracle Corporation) C:\Users\Nougat\Downloads\jre-8-windows-x64.exe
2014-03-16 00:07 - 2014-03-16 00:07 - 17529160 _____ (Google Inc.) C:\Users\Nougat\Downloads\picasa39-setup (4).exe
2014-03-12 03:03 - 2014-02-23 03:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 03:03 - 2014-02-23 02:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 03:03 - 2014-02-23 02:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 03:03 - 2014-02-23 02:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 03:03 - 2014-02-23 02:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 03:03 - 2014-02-23 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-12 03:03 - 2014-02-23 02:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 03:03 - 2014-02-23 02:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 03:03 - 2014-02-23 02:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-12 03:03 - 2014-02-23 02:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 03:03 - 2014-02-23 02:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 03:03 - 2014-02-23 02:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 03:03 - 2014-02-23 02:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 03:03 - 2014-02-23 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-12 03:03 - 2014-02-23 02:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 03:03 - 2014-02-23 01:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 03:03 - 2014-02-23 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 03:03 - 2014-02-23 01:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 03:03 - 2014-02-23 01:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 03:03 - 2014-02-23 01:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 03:03 - 2014-02-23 01:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-12 03:03 - 2014-02-23 01:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 03:03 - 2014-02-23 01:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 03:03 - 2014-02-23 01:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 03:03 - 2014-02-23 01:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-12 03:03 - 2014-02-23 01:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 03:03 - 2014-02-23 01:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-12 03:03 - 2014-02-23 01:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 03:03 - 2014-02-23 01:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-12 03:03 - 2014-02-23 01:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 03:02 - 2014-02-23 02:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 03:02 - 2014-02-23 01:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 20:14 - 2014-02-03 09:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 20:14 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 20:14 - 2014-01-30 06:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 20:14 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 20:14 - 2013-11-12 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-11 20:14 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-11 20:13 - 2014-02-07 08:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 16:07 - 2014-03-11 16:07 - 04550656 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-03-04 21:50 - 2014-03-04 21:50 - 00001696 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-04 21:49 - 2014-03-04 21:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-04 21:49 - 2014-03-04 21:50 - 00000000 ____D () C:\Program Files\iTunes
2014-03-04 21:49 - 2014-03-04 21:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-04 21:49 - 2014-03-04 21:49 - 00000000 ____D () C:\Program Files\iPod
2014-02-22 13:38 - 2014-02-22 13:40 - 24654088 _____ (Mozilla) C:\Users\Nougat\Downloads\Firefox Setup 27.0.1.exe

==================== One Month Modified Files and Folders =======

2014-03-21 21:11 - 2014-03-21 21:11 - 00042765 _____ () C:\Users\Nougat\Desktop\FRST.txt
2014-03-21 21:11 - 2014-03-21 21:11 - 00000000 ____D () C:\FRST
2014-03-21 21:09 - 2014-03-21 21:09 - 02157056 _____ (Farbar) C:\Users\Nougat\Desktop\FRST64.exe
2014-03-21 21:02 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 21:02 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 20:42 - 2013-09-07 10:14 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-21 20:41 - 2014-02-07 18:37 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-03-21 20:33 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\Nougat\Desktop\RK_Quarantine
2014-03-21 20:24 - 2012-07-12 23:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-21 18:22 - 2014-03-21 18:22 - 00002504 _____ () C:\Users\Nougat\Desktop\RKreport[0]_S_03212014_182239.txt
2014-03-21 17:42 - 2013-09-07 10:14 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 17:41 - 2014-02-07 18:37 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-03-21 13:56 - 2014-03-21 13:32 - 00002450 _____ () C:\Users\Nougat\Desktop\Rkill.txt
2014-03-21 13:41 - 2014-03-21 13:41 - 00002467 _____ () C:\Users\Nougat\Desktop\RKreport[0]_S_03212014_134153.txt
2014-03-21 13:36 - 2014-03-21 13:36 - 03943424 _____ () C:\Users\Nougat\Desktop\RogueKiller.exe
2014-03-21 13:36 - 2014-03-21 13:36 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Nougat\Desktop\rkill64.exe
2014-03-21 13:31 - 2014-03-21 13:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Nougat\Desktop\rkill.exe
2014-03-21 13:23 - 2010-01-22 19:49 - 00000000 ____D () C:\Users\Nougat\AppData\Local\Deployment
2014-03-21 10:08 - 2009-04-14 13:01 - 01885561 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 02:00 - 2009-04-15 23:55 - 00000000 ____D () C:\Users\Nougat\AppData\Local\Adobe
2014-03-19 17:30 - 2012-09-22 13:35 - 00107062 _____ () C:\Users\Nougat\Downloads\OTL.Txt
2014-03-19 14:14 - 2012-09-22 13:37 - 00066772 _____ () C:\Users\Nougat\Downloads\Extras.Txt
2014-03-19 14:03 - 2014-03-19 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Nougat\Downloads\OTL.exe
2014-03-19 10:49 - 2013-11-16 02:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 10:49 - 2012-04-30 08:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 10:49 - 2009-04-14 18:05 - 00000890 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-19 10:47 - 2014-03-19 10:47 - 25200168 _____ (Mozilla) C:\Users\Nougat\Downloads\Firefox Setup 28.0.exe
2014-03-19 10:44 - 2014-01-16 09:27 - 00111000 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-19 10:43 - 2014-03-19 10:45 - 00312728 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-19 10:43 - 2014-03-19 10:45 - 00191384 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-19 10:43 - 2014-03-19 10:45 - 00190872 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-19 10:43 - 2014-01-16 09:26 - 00000000 ____D () C:\Program Files\Java
2014-03-19 10:30 - 2014-03-19 10:29 - 34121112 _____ (Oracle Corporation) C:\Users\Nougat\Downloads\jre-8-windows-x64.exe
2014-03-19 10:17 - 2009-09-02 00:45 - 00000680 _____ () C:\Users\Nougat\AppData\Local\d3d9caps.dat
2014-03-19 10:16 - 2012-09-24 18:17 - 00000160 _____ () C:\Users\Nougat\AppData\Local\Bandwidth.xml
2014-03-19 10:15 - 2013-08-13 08:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 10:11 - 2006-11-02 08:46 - 00761630 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 10:10 - 2006-11-02 08:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-19 10:07 - 2008-09-19 04:55 - 00014466 _____ () C:\Windows\SysWOW64\NapaSet.txt
2014-03-19 10:04 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 18:51 - 2009-04-14 17:39 - 00000054 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2014-03-16 06:13 - 2013-07-24 21:26 - 00000943 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-03-16 00:24 - 2013-09-07 10:18 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 00:07 - 2014-03-16 00:07 - 17529160 _____ (Google Inc.) C:\Users\Nougat\Downloads\picasa39-setup (4).exe
2014-03-15 23:33 - 2012-12-23 13:31 - 00039681 _____ () C:\Windows\setupact.log
2014-03-15 23:33 - 2012-11-11 14:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-13 20:21 - 2006-11-02 11:42 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 03:43 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-03-12 03:25 - 2006-11-02 11:21 - 01951472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 03:02 - 2009-04-14 17:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 17:25 - 2012-07-12 23:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 17:25 - 2012-07-12 23:12 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 17:25 - 2011-07-03 23:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 16:07 - 2014-03-11 16:07 - 04550656 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-03-04 21:50 - 2014-03-04 21:50 - 00001696 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-04 21:50 - 2014-03-04 21:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-04 21:50 - 2014-03-04 21:49 - 00000000 ____D () C:\Program Files\iTunes
2014-03-04 21:50 - 2014-03-04 21:49 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-04 21:49 - 2014-03-04 21:49 - 00000000 ____D () C:\Program Files\iPod
2014-03-04 21:49 - 2009-04-14 19:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-26 04:04 - 2013-01-11 02:51 - 00752894 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 22:33 - 2013-09-07 09:59 - 00001320 _____ () C:\Windows\system32\spsys.log
2014-02-25 04:32 - 2008-01-20 23:26 - 06945304 _____ () C:\Windows\PFRO.log
2014-02-23 03:12 - 2014-03-12 03:03 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 02:54 - 2014-03-12 03:03 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 02:52 - 2014-03-12 03:02 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 02:48 - 2014-03-12 03:03 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 02:48 - 2014-03-12 03:03 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 02:46 - 2014-03-12 03:03 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 02:46 - 2014-03-12 03:03 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 02:46 - 2014-03-12 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 02:45 - 2014-03-12 03:03 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 02:45 - 2014-03-12 03:03 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 02:45 - 2014-03-12 03:03 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 02:44 - 2014-03-12 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 02:44 - 2014-03-12 03:03 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 02:44 - 2014-03-12 03:03 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 02:44 - 2014-03-12 03:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 02:43 - 2014-03-12 03:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 01:50 - 2014-03-12 03:03 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 01:47 - 2014-03-12 03:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 01:43 - 2014-03-12 03:02 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 01:41 - 2014-03-12 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 01:40 - 2014-03-12 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 01:39 - 2014-03-12 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-23 01:38 - 2014-03-12 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-23 01:38 - 2014-03-12 03:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-23 01:38 - 2014-03-12 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 01:37 - 2014-03-12 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 01:37 - 2014-03-12 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 01:37 - 2014-03-12 03:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 01:37 - 2014-03-12 03:03 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-23 01:36 - 2014-03-12 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 01:36 - 2014-03-12 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-23 01:35 - 2014-03-12 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-22 14:34 - 2013-07-01 17:33 - 00000000 ____D () C:\Users\Nougat\Desktop\Wedding
2014-02-22 13:40 - 2014-02-22 13:38 - 24654088 _____ (Mozilla) C:\Users\Nougat\Downloads\Firefox Setup 27.0.1.exe

Some content of TEMP:
====================
C:\Users\Nougat\AppData\Local\temp\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
C:\Users\Nougat\AppData\Local\temp\dvngng08.dll
C:\Users\Nougat\AppData\Local\temp\ntdll_dump.dll
C:\Users\Nougat\AppData\Local\temp\readSTILog.dll
C:\Users\Nougat\AppData\Local\temp\_is92BD.exe
C:\Users\Nougat\AppData\Local\temp\_isBB14.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 10:10

==================== End Of Log ============================
  • 0

#8
Dakeyras
Posted 22 March 2014 - 05:25 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Lets proceed as follows shall we...

Uninstall Software:

Click on Start(Vista Orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

Java 7 Update 9 <-- Out of date versions pose a security risk, also please read this.

To do so click once on the above to highlight, then click on Uninstall/Change and follow the prompts.

Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to the desktop.

[attachment=69705:fixlist.txt]

  • Now right-click on FRST.exe and select Run as Administrator to start FRST.
  • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
  • A log will now open named Fixlog and it will also be on the desktop >> close FRST.
  • Reboot your machine(ensure you do this) and post the contents of the aforementioned Fixlog in your next reply.
Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • 0

#9
tylenol_island
Posted 23 March 2014 - 02:17 PM

tylenol_island

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks again, Dakeyras! Sorry for the late reply. Please see my responses below.

Uninstall Software:

Click on Start(Vista Orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

Java 7 Update 9 <-- Out of date versions pose a security risk, also please read this.

To do so click once on the above to highlight, then click on Uninstall/Change and follow the prompts.


Done.

Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to the desktop.

Attached File fixlist.txt (2.1K)
Number of downloads: 2

Now right-click on FRST.exe and select Run as Administrator to start FRST.
Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
A log will now open named Fixlog and it will also be on the desktop >> close FRST.
Reboot your machine(ensure you do this) and post the contents of the aforementioned Fixlog in your next reply.

Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.


Done in the order instructed. Please note that upon reboot, I noticed that Windows is reporting that Avast's active virus protection is turned off, but Avast! indicates that everything is operational. I'm not sure if this has to do with whatever's infected my machine. Just thought that might be worth mentioning.

Please see my Fixlog below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Nougat at 2014-03-23 15:40:12 Run:1
Running from C:\Users\Nougat\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] - [X]
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689 URL =
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
S2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [X]
C:\Users\Nougat\AppData\Local\temp\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
C:\Users\Nougat\AppData\Local\temp\dvngng08.dll
C:\Users\Nougat\AppData\Local\temp\ntdll_dump.dll
C:\Users\Nougat\AppData\Local\temp\readSTILog.dll
C:\Users\Nougat\AppData\Local\temp\_is92BD.exe
C:\Users\Nougat\AppData\Local\temp\_isBB14.exe
AlternateDataStreams: C:\ProgramData\TEMP:502D809E
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCR\PROTOCOLS\Filter\application/x-ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
cpuz134 => Service deleted successfully.
"C:\Users\Nougat\AppData\Local\temp\13-1-legacy_vista_win7_win8_64_dd_ccc.exe" => File/Directory not found.
"C:\Users\Nougat\AppData\Local\temp\dvngng08.dll" => File/Directory not found.
"C:\Users\Nougat\AppData\Local\temp\ntdll_dump.dll" => File/Directory not found.
"C:\Users\Nougat\AppData\Local\temp\readSTILog.dll" => File/Directory not found.
"C:\Users\Nougat\AppData\Local\temp\_is92BD.exe" => File/Directory not found.
"C:\Users\Nougat\AppData\Local\temp\_isBB14.exe" => File/Directory not found.
C:\ProgramData\TEMP => ":502D809E" ADS removed successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


==== End of Fixlog ====

Edited by tylenol_island, 23 March 2014 - 02:18 PM.

  • 0

#10
Dakeyras
Posted 24 March 2014 - 03:36 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

Sorry for the late reply.

Not a problem, I am not always available at the weekend myself.
 

I noticed that Windows is reporting that Avast's active virus protection is turned off, but Avast! indicates that everything is operational. I'm not sure if this has to do with whatever's infected my machine. Just thought that might be worth mentioning.

By all means well worth mentioning/bringing to my attention etc. Lets check this is out as follows before proceeding any further shall we...

Scan with FSS:

Please download Farbar Service Scanner and save to your Desktop.
  • Right-click FSS.exe and select Run as Administrator to start the program.
  • Select all available options.
  • Then click on the Scan tab.
  • When the scan is complete, it will produce a log named FSS.txt.
  • Post the contents in your next reply.

  • 0

Advertisements

#11
tylenol_island
Posted 25 March 2014 - 07:03 AM

tylenol_island

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Thanks again, Dakeyras.  I've run Farbar as instructed.  Here's the log:

 

Farbar Service Scanner Version: 25-02-2014
Ran by Nougat (administrator) on 25-03-2014 at 08:59:13
Running from "C:\Users\Nougat\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-14 01:14] - [2013-09-03 22:31] - 0404992 ____A (Microsoft Corporation) 2BA159E1F9FD75F6A496742B20F1D9CF
 
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-08-13 22:18] - [2013-07-05 00:45] - 1423808 ____A (Microsoft Corporation) C2CB949645C299E23FBFD26CAD3FC96E
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

  • 0

#12
Dakeyras
Posted 25 March 2014 - 09:47 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

I've run Farbar as instructed

Thanks, all appears fine apart from not quite the expected information denoted regarding Windows Defender. Is there still a problem with the Security Center reporting that Avast's real-time protection is not active ?

In the meantime carry out the below for myself as follows please...

TFC(Temp File Cleaner):
  • Please download TFC to the desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click on TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of the GUI(graphical user interface)'
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then right click on it and select Run as Administrator to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the log-file first!
  • Now click on: EOLS4.gif
  • Use notepad to open the log-file located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

  • 0

#13
tylenol_island
Posted 25 March 2014 - 08:52 PM

tylenol_island

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

 

 

Thanks, all appears fine apart from not quite the expected information denoted regarding Windows Defender. Is there still a problem with the Security Center reporting that Avast's real-time protection is not active ?

 

I believe there was an issue still, that is until I rebooted after running TFC.  Windows hasn't reported a deficiency since.

 

 

 

TFC(Temp File Cleaner):

 

Run and rebooted at prompt.

 

 

 

ESET Online Scanner:

 

Run and re-enabled anti-virus as instructed.  Please see the log generated below, and thank you, yet again.

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=48fe113f0506ec49bfe7661af3c79bf5
# engine=17615
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-26 02:00:50
# local_time=2014-03-25 10:00:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=774 16777213 85 77 3262269 3266711 0 0
# compatibility_mode=5892 16776573 100 100 0 232397956 0 0
# scanned=297879
# found=4
# cleaned=0
# scan_time=12224
sh=A06FE2AF6D70C194C4C2EAA2605B982E37B70895 ft=1 fh=2491823e0b415d27 vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\Users\Nougat\Downloads\BitTorrent-6.3.exe"
sh=906BD5E2301D5471F7B0549BE5D697C5E6CD229C ft=1 fh=fdfc9209c8ee64c7 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Nougat\Downloads\cpu-z_1.55-setup-en.exe"
sh=7E9FFBD1455A8B0F9A40193116A7E2E40735856D ft=1 fh=5660a86a9ff184c4 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Nougat\Downloads\cpu-z_1.61-setup-en.exe"
sh=994F86E28C39280086B61C2A549252549BABD46A ft=1 fh=40b5aa8f3d6d4063 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Nougat\Downloads\cpu-z_1.62-setup-en.exe"

  • 0

#14
Dakeyras
Posted 26 March 2014 - 03:49 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

I believe there was an issue still, that is until I rebooted after running TFC. Windows hasn't reported a deficiency since.

Good.
 

Run and re-enabled anti-virus as instructed. Please see the log generated below, and thank you, yet again.

You're welcome and just a few things to address per the results as follows...

Custom Batch File:

Please download the attached eset.bat below and save to your desktop:-

[attachment=69778:eset.bat]

Now right-click on eset.bat and select Run as Administrator to run the batch file.

A blank command window will open on your desktop, then close within a few seconds. This is normal and the batch file itself will self-delete when processed.

Next:

Congratulations your computer appears to be malware free!

Clean-Up with DelFix:

Please download DelFix to your desktop
  • Right-click on delfix.exe and select Run as Administrator to launch the application.
  • Referring to the image below, select all available options:
DelFix.gif
  • Then click on Run.
  • Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
  • After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.
Now some advice for on-line safety:

The below is worth reading/bookmarking for future reference:

Computer Security - a short guide to staying safer online

Next:

Any questions ? Feel free to ask, if not stay safe!
  • 0

#15
tylenol_island
Posted 26 March 2014 - 05:14 AM

tylenol_island

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Thanks, Dakeyras!  I've run all as instructed.  Below is my DelFix log:

 

# DelFix v10.6 - Logfile created 26/03/2014 at 06:53:30
# Updated 11/11/2013 by Xplode
# Username : Nougat - NOUGAT-PC
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\Users\Nougat\Desktop\RK_Quarantine
Deleted : C:\Users\Nougat\Desktop\Addition.txt
Deleted : C:\Users\Nougat\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Nougat\Desktop\Fixlog.txt
Deleted : C:\Users\Nougat\Desktop\FRST.txt
Deleted : C:\Users\Nougat\Desktop\FRST64.exe
Deleted : C:\Users\Nougat\Desktop\FSS.exe
Deleted : C:\Users\Nougat\Desktop\FSS.txt
Deleted : C:\Users\Nougat\Desktop\rkill.exe
Deleted : C:\Users\Nougat\Desktop\Rkill.txt
Deleted : C:\Users\Nougat\Desktop\rkill64.exe
Deleted : C:\Users\Nougat\Desktop\RKreport[0]_S_03212014_134153.txt
Deleted : C:\Users\Nougat\Desktop\RKreport[0]_S_03212014_182239.txt
Deleted : C:\Users\Nougat\Desktop\RogueKiller.exe
Deleted : C:\Users\Nougat\Desktop\TFC.exe
Deleted : C:\Users\Nougat\Downloads\Extras.Txt
Deleted : C:\Users\Nougat\Downloads\OTL.Txt
Deleted : C:\Users\Nougat\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Error when deleting (1) : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
I do have one question... what was it that had infected my machine, and which fix was it that seems to have put a stop to it?  I've dealt with a few different infections in the past, but this one's unique to me in that it hasn't explicitly prevented me from doing anything, like logging in or accessing my normal homepage.  So, because I can't notice a difference on my machine, I guess I don't have that usual "yep, it's definitely gone!" feeling.  Along that vein, I'm just looking for some more info to help put my mind at ease.  
 
Many thanks!

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP