steamguard.exe phishing virus [Solved]



#16
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Go ahead and answer No and let the scan finish. Let me know if it crashes.




#17
kingkeef

    Member

  • Topic Starter
  • 29 posts

Hey! I just received another message from a phisher with the same .exe file. Would you like me to PM you and you could check it out? lol



#18
kingkeef

    Member

  • Topic Starter
  • 29 posts

It says no malware found :P



#19
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

On your desktop within the mbar folder you will find a log that begins with mbar-log. Can you post the contents of this?



#20
kingkeef

    Member

  • Topic Starter
  • 29 posts

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.08.24.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17239
Arthur :: ARTHUR-PC [administrator]
 
8/24/2014 11:31:05 AM
mbar-log-2014-08-24 (11-31-05).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 363385
Time elapsed: 12 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#21
kingkeef

    Member

  • Topic Starter
  • 29 posts

At this point I have come to the conclusion that this is made solely to steal accounts or just virtually disappeared deep inside my machine :o



#22
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Excellent. Only a couple more things to check.

Step#1 - Fresh Set of Logs Needed
Let's begin. Please follow the steps below.

1. Right-click on the FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Press Scan button.
3. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop).
4. Please copy and paste log back here.

Step#2 - Security Check

1. Download Security Check from here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: Sometimes this can take 10 to 15 minutes to run so don't be alarmed if it does.

Items for your next post

1. Contents of the FRST file.
2. Contents of the checkup.txt file.


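The FRST log that the helper asks for is read by eye in this thread. As an added example (not code from the thread, from the helper, or from FRST itself), the Python script below parses the Services and Drivers sections in the line layout of the log posted further down and lists the entries a helper would normally review by hand: files missing on disk ("[X]"), orphaned "No ImagePath" entries, binaries loaded from a Temp folder, missing vendor info and "[File not signed]". The sample lines are copied from the log in this thread; the section handling and the review heuristics are the example's own assumptions, and a hit is a prompt to look closer, not a verdict.

```python
"""Triage helper for the Services and Drivers sections of a Farbar Recovery
Scan Tool (FRST) log. Added example for this thread, not code from the
thread or from FRST; it assumes only the line layouts visible in the posted log.
"""
import re

# "==================== Drivers (Whitelisted) ====================" -> "Drivers (Whitelisted)"
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# "R2 UTSCSI; <rest>" -> state letter, start-type digit, service name, rest of line
ENTRY_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s*(.*)$")
# "<path> [45056 2014-06-27] (Vendor) [File not signed]"; a vendor may contain parentheses
BODY_RE = re.compile(
    r"^(?P<path>.*?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*"
    r"\((?P<vendor>.*?)\)\s*(?P<flags>(?:\[[^\]]*\]\s*)*)$"
)
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# Sample input: lines copied verbatim from the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry.)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-09-30] (Realtek Semiconductor Corp.) [File not signed]
R2 UTSCSI; C:\windows\SysWOW64\UTSCSI.EXE [45056 2014-06-27] () [File not signed]

==================== Drivers (Whitelisted) ====================

R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74456 2013-07-31] (Razer USA Ltd)
U2 CLKMSVC10_3A60B698; No ImagePath
S3 cpuz135; \??\C:\windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 ESEADriver2; \??\C:\Users\Arthur\AppData\Local\Temp\ESEADriver2.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================
"""


def parse_entry(line):
    """Split one service/driver line into its fields; None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    state, start, name, body = m.groups()
    entry = {"name": name.strip(), "start": state + start, "path": None, "size": None,
             "date": None, "vendor": None, "flags": [], "file_missing": False,
             "no_imagepath": False}
    if body == "No ImagePath":
        entry["no_imagepath"] = True
    elif body.endswith("[X]"):
        entry["path"] = body[:-3].strip()
        entry["file_missing"] = True
    else:
        b = BODY_RE.match(body)
        if b:
            entry["path"] = b.group("path")
            entry["size"] = int(b.group("size"))
            entry["date"] = b.group("date")
            entry["vendor"] = b.group("vendor").strip()
            entry["flags"] = re.findall(r"\[([^\]]+)\]", b.group("flags"))
        else:
            entry["path"] = body  # unrecognised layout: keep the raw text
    return entry


def review_reasons(entry):
    """Checks a helper applies by eye; a hit is a prompt to look closer, not a verdict."""
    reasons = []
    if entry["no_imagepath"]:
        reasons.append("no ImagePath (orphaned registry entry)")
    if entry["file_missing"]:
        reasons.append("file missing on disk ([X])")
    if entry["path"] and TEMP_RE.search(entry["path"]):
        reasons.append("loaded from a Temp directory")
    if entry["vendor"] == "":
        reasons.append("no embedded vendor/version info")
    if "File not signed" in entry["flags"]:
        reasons.append("unsigned binary")
    return reasons


def triage(log_text):
    """Return the Services/Drivers entries that earned at least one review reason."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            continue
        if not section or not section.startswith(("Services", "Drivers")):
            continue
        entry = parse_entry(line)
        reasons = review_reasons(entry) if entry else []
        if reasons:
            findings.append(dict(entry, section=section, reasons=reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']}: {f['start']} {f['name']} -> {'; '.join(f['reasons'])}")
```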

#23
kingkeef

    Member

  • Topic Starter
  • 29 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 02
Ran by Arthur (administrator) on ARTHUR-PC on 24-08-2014 12:14:53
Running from C:\Users\Arthur\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9437600 2014-07-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5315488 2014-07-02] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2034252377-2309476039-309546250-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2034252377-2309476039-309546250-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [246592 2012-05-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [202048 2012-05-15] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...NN_enUS468US468
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Users\Arthur\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFF [2014-08-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2014-08-24]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR StartupUrls: "hxxp://google.com/"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01]
CHR Extension: (Google Wallet) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [529024 2010-04-15] (Cisco Consumer Products LLC)
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-09-30] (Realtek Semiconductor Corp.) [File not signed]
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32984 2013-07-31] (Razer)
S2 SkypeUpdate; C:\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 UTSCSI; C:\windows\SysWOW64\UTSCSI.EXE [45056 2014-06-27] () [File not signed]
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-03-23] (Ralink Technology Corp.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-08-01] (Symantec Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-19] (Symantec Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20140822.001\IDSvia64.sys [525016 2014-08-19] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140823.001\ENG64.SYS [129752 2014-08-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140823.001\EX64.SYS [2137304 2014-08-22] (Symantec Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-05-19] (Razer Inc)
S3 RzDxgk; C:\windows\system32\drivers\RzDxgk.sys [128984 2013-07-31] (Razer USA Ltd)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74456 2013-07-31] (Razer USA Ltd)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31400 2014-05-19] (Razer Inc)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 cpuz135; \??\C:\windows\TEMP\cpuz135\cpuz135_x64.sys [X]
U2 DriverService; No ImagePath
S3 ESEADriver2; \??\C:\Users\Arthur\AppData\Local\Temp\ESEADriver2.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
U2 PCCarerServic; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 SoftwareService; No ImagePath
U2 Stereo Service; No ImagePath
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va017; \??\C:\windows\SysWOW64\Drivers\X6va017 [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 12:15 - 2014-08-24 12:15 - 00854417 _____ () C:\Users\Arthur\Downloads\SecurityCheck.exe
2014-08-24 12:15 - 2014-08-24 12:15 - 00854417 _____ () C:\Users\Arthur\Desktop\SecurityCheck.exe
2014-08-24 10:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-24 10:11 - 2014-08-24 11:16 - 00000000 ____D () C:\AdwCleaner
2014-08-24 10:10 - 2014-08-24 10:10 - 01364531 _____ () C:\Users\Arthur\Downloads\AdwCleaner.exe
2014-08-24 10:10 - 2014-08-24 10:10 - 01364531 _____ () C:\Users\Arthur\Desktop\AdwCleaner.exe
2014-08-24 10:00 - 2014-08-24 10:00 - 00000000 ____D () C:\Users\Arthur\Desktop\FRST-OlderVersion
2014-08-24 09:59 - 2014-08-24 09:59 - 00001067 _____ () C:\Users\Arthur\Downloads\fixlist.txt
2014-08-21 13:12 - 2014-08-21 13:12 - 00037392 _____ () C:\Users\Arthur\Desktop\Addition.txt
2014-08-21 13:06 - 2014-08-24 12:14 - 00017303 _____ () C:\Users\Arthur\Desktop\FRST.txt
2014-08-21 13:06 - 2014-08-24 10:00 - 02103296 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2014-08-21 13:05 - 2014-08-24 12:14 - 00000000 ____D () C:\FRST
2014-08-21 13:05 - 2014-08-21 13:05 - 02101760 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64.exe
2014-08-20 12:22 - 2014-08-20 12:22 - 00001039 _____ () C:\Users\Arthur\Desktop\JRT.txt
2014-08-20 12:14 - 2014-08-20 12:14 - 00000000 ____D () C:\windows\ERUNT
2014-08-20 12:13 - 2014-08-20 12:13 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT.exe
2014-08-19 20:06 - 2014-08-24 11:17 - 00000896 _____ () C:\windows\setupact.log
2014-08-19 20:06 - 2014-08-19 20:06 - 00000000 _____ () C:\windows\setuperr.log
2014-08-19 20:05 - 2014-08-24 11:17 - 00009616 _____ () C:\windows\PFRO.log
2014-08-19 19:20 - 2014-08-19 19:20 - 89636864 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 05275648 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00032768 _____ () C:\windows\system32\config\SAM.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00028672 _____ () C:\windows\system32\config\SECURITY.iobit
2014-08-19 19:13 - 2014-08-19 19:13 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Tific
2014-08-19 18:34 - 2014-08-19 18:34 - 00000085 _____ () C:\windows\wininit.ini
2014-08-19 18:30 - 2014-08-19 18:30 - 00000000 ____D () C:\Users\Arthur\AppData\Local\PreEmptive Solutions
2014-08-19 18:06 - 2014-08-19 18:06 - 01696192 _____ (ESET) C:\Users\Arthur\Downloads\eset_nod32_antivirus_live_installer.exe
2014-08-19 17:30 - 2014-08-24 11:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 17:29 - 2014-08-24 11:43 - 00000000 ____D () C:\Users\Arthur\Desktop\mbar
2014-08-19 17:28 - 2014-08-19 17:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Arthur\Downloads\mbar-1.07.0.1012.exe
2014-08-19 17:20 - 2014-08-19 17:20 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL (1).exe
2014-08-19 17:11 - 2014-08-19 17:11 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL.exe
2014-08-19 16:43 - 2014-08-19 16:43 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-08-19 16:39 - 2014-08-19 18:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-19 16:30 - 2014-08-19 18:32 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-08-19 16:30 - 2014-08-19 16:32 - 00000000 ____D () C:\Users\Arthur\Documents\RegRun2
2014-08-19 16:30 - 2014-08-19 16:30 - 15790435 _____ () C:\Users\Arthur\Downloads\unhackme.zip
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\winstart.bat
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\CONFIG.NT
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\AUTOEXEC.NT
2014-08-19 16:27 - 2014-08-19 16:28 - 00000000 ____D () C:\Users\Arthur\AppData\Local\NPE
2014-08-19 16:27 - 2014-08-19 16:27 - 03077584 ____N (Symantec Corporation) C:\Users\Arthur\Downloads\NPE.exe
2014-08-19 16:10 - 2014-08-24 11:46 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 16:10 - 2014-08-24 11:30 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-18 15:39 - 2014-08-22 17:11 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Windows Live
2014-08-15 13:17 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-15 13:17 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-15 13:17 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-15 13:17 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-15 13:17 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-15 13:17 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-15 13:16 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-15 13:16 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-15 11:14 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-15 11:14 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-15 11:14 - 2014-07-08 18:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-15 11:14 - 2014-07-08 18:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-15 11:13 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-15 11:13 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-15 11:13 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-15 11:13 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-15 11:13 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-15 11:13 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-15 11:13 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-15 11:13 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-15 11:13 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-15 11:13 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-15 11:13 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-15 11:13 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-15 11:13 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-15 11:13 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-15 11:13 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-15 11:13 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-15 11:13 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-15 11:13 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-15 11:13 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 11:13 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-15 11:13 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-15 11:13 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-15 11:13 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-15 11:13 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-15 11:13 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-15 11:13 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 11:13 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-15 11:13 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-15 11:13 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-15 11:13 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-15 11:13 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-15 11:13 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-15 11:13 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-15 11:13 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-15 11:13 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-15 11:13 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-15 11:13 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-15 11:13 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-15 11:13 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 11:13 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-15 11:13 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-15 11:13 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-15 11:13 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-15 11:13 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-15 11:13 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-15 11:13 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-15 11:13 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-15 11:13 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-15 11:13 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-15 11:13 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-15 11:13 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-15 11:13 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-15 11:13 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-15 11:13 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-15 11:13 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-15 11:13 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-15 11:13 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-15 11:13 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-15 11:13 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-15 11:13 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-15 11:13 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-15 11:13 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-15 11:13 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-15 11:13 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-15 11:13 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-15 11:13 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-15 11:13 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-15 11:13 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-15 11:13 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-15 11:12 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 11:12 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-15 11:12 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-15 11:12 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-03 10:06 - 2014-08-03 10:06 - 00000000 ____D () C:\Users\Arthur\Desktop\Tor Browser
2014-08-03 10:04 - 2014-08-03 10:04 - 27239623 _____ () C:\Users\Arthur\Downloads\torbrowser-install-3.6.3_en-US.exe
2014-08-03 10:03 - 2014-08-03 10:04 - 01010912 _____ (Jitbit Software ) C:\Users\Arthur\Downloads\MacroRecorderSetup.exe
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ___RD () C:\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-03 09:37 - 2014-08-03 09:37 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Arthur\Downloads\SkypeSetup (1).exe
2014-08-02 18:58 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-02 18:58 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-02 18:58 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-02 18:58 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-02 18:57 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-02 18:57 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-02 18:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-02 18:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-02 18:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-02 18:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-07-25 13:02 - 2014-07-25 13:02 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Razer_Inc
2014-07-25 12:35 - 2014-07-25 12:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-07-25 12:34 - 2014-07-25 12:34 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\VS
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2014-07-25 09:40 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-07-25 09:40 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 12:16 - 2014-08-21 13:06 - 00017303 _____ () C:\Users\Arthur\Desktop\FRST.txt
2014-08-24 12:15 - 2014-08-24 12:15 - 00854417 _____ () C:\Users\Arthur\Downloads\SecurityCheck.exe
2014-08-24 12:15 - 2014-08-24 12:15 - 00854417 _____ () C:\Users\Arthur\Desktop\SecurityCheck.exe
2014-08-24 12:14 - 2014-08-21 13:05 - 00000000 ____D () C:\FRST
2014-08-24 11:55 - 2012-01-20 20:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-24 11:46 - 2014-08-19 16:10 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 11:43 - 2014-08-19 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-24 11:43 - 2014-08-19 17:29 - 00000000 ____D () C:\Users\Arthur\Desktop\mbar
2014-08-24 11:30 - 2014-08-19 16:10 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-24 11:28 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 11:28 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 11:25 - 2011-11-06 00:11 - 01335038 _____ () C:\windows\WindowsUpdate.log
2014-08-24 11:24 - 2009-07-14 01:13 - 00876932 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-24 11:23 - 2011-11-06 01:00 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 11:18 - 2011-11-06 00:50 - 00141451 _____ () C:\windows\system32\fastboot.set
2014-08-24 11:17 - 2014-08-19 20:06 - 00000896 _____ () C:\windows\setupact.log
2014-08-24 11:17 - 2014-08-19 20:05 - 00009616 _____ () C:\windows\PFRO.log
2014-08-24 11:17 - 2011-11-06 01:00 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 11:17 - 2011-11-06 00:49 - 01177882 _____ () C:\FaceProv.log
2014-08-24 11:17 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-24 11:17 - 2009-07-14 00:45 - 00311168 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-24 11:16 - 2014-08-24 10:11 - 00000000 ____D () C:\AdwCleaner
2014-08-24 10:12 - 2011-11-06 00:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-08-24 10:10 - 2014-08-24 10:10 - 01364531 _____ () C:\Users\Arthur\Downloads\AdwCleaner.exe
2014-08-24 10:10 - 2014-08-24 10:10 - 01364531 _____ () C:\Users\Arthur\Desktop\AdwCleaner.exe
2014-08-24 10:00 - 2014-08-24 10:00 - 00000000 ____D () C:\Users\Arthur\Desktop\FRST-OlderVersion
2014-08-24 10:00 - 2014-08-21 13:06 - 02103296 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2014-08-24 09:59 - 2014-08-24 09:59 - 00001067 _____ () C:\Users\Arthur\Downloads\fixlist.txt
2014-08-22 17:11 - 2014-08-18 15:39 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Windows Live
2014-08-22 13:14 - 2012-01-20 22:50 - 00000000 ____D () C:\Users\Arthur\AppData\Local\CrashDumps
2014-08-21 13:12 - 2014-08-21 13:12 - 00037392 _____ () C:\Users\Arthur\Desktop\Addition.txt
2014-08-21 13:05 - 2014-08-21 13:05 - 02101760 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64.exe
2014-08-20 12:22 - 2014-08-20 12:22 - 00001039 _____ () C:\Users\Arthur\Desktop\JRT.txt
2014-08-20 12:14 - 2014-08-20 12:14 - 00000000 ____D () C:\windows\ERUNT
2014-08-20 12:13 - 2014-08-20 12:13 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT.exe
2014-08-20 10:49 - 2012-05-27 15:09 - 00000000 ____D () C:\Users\Arthur\Documents\Youcam
2014-08-19 21:08 - 2012-06-26 17:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-08-19 20:06 - 2014-08-19 20:06 - 00000000 _____ () C:\windows\setuperr.log
2014-08-19 19:20 - 2014-08-19 19:20 - 89636864 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 05275648 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00032768 _____ () C:\windows\system32\config\SAM.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00028672 _____ () C:\windows\system32\config\SECURITY.iobit
2014-08-19 19:20 - 2012-01-20 18:03 - 00000000 ____D () C:\Users\Arthur
2014-08-19 19:13 - 2014-08-19 19:13 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Tific
2014-08-19 18:34 - 2014-08-19 18:34 - 00000085 _____ () C:\windows\wininit.ini
2014-08-19 18:33 - 2014-08-19 16:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-19 18:32 - 2014-08-19 16:30 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-08-19 18:30 - 2014-08-19 18:30 - 00000000 ____D () C:\Users\Arthur\AppData\Local\PreEmptive Solutions
2014-08-19 18:06 - 2014-08-19 18:06 - 01696192 _____ (ESET) C:\Users\Arthur\Downloads\eset_nod32_antivirus_live_installer.exe
2014-08-19 17:28 - 2014-08-19 17:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Arthur\Downloads\mbar-1.07.0.1012.exe
2014-08-19 17:20 - 2014-08-19 17:20 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL (1).exe
2014-08-19 17:11 - 2014-08-19 17:11 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL.exe
2014-08-19 16:43 - 2014-08-19 16:43 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-08-19 16:36 - 2012-02-24 19:15 - 00000000 ___RD () C:\Users\Arthur\Desktop\Unused Desktop Items
2014-08-19 16:32 - 2014-08-19 16:30 - 00000000 ____D () C:\Users\Arthur\Documents\RegRun2
2014-08-19 16:30 - 2014-08-19 16:30 - 15790435 _____ () C:\Users\Arthur\Downloads\unhackme.zip
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\winstart.bat
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\CONFIG.NT
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\AUTOEXEC.NT
2014-08-19 16:28 - 2014-08-19 16:27 - 00000000 ____D () C:\Users\Arthur\AppData\Local\NPE
2014-08-19 16:27 - 2014-08-19 16:27 - 03077584 ____N (Symantec Corporation) C:\Users\Arthur\Downloads\NPE.exe
2014-08-19 16:27 - 2012-01-20 18:17 - 00000000 ____D () C:\ProgramData\Norton
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2012-07-12 20:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 16:10 - 2012-07-12 20:41 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Malwarebytes
2014-08-19 16:10 - 2012-07-12 20:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 15:36 - 2009-07-14 01:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-17 11:28 - 2011-11-06 01:01 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-08-17 10:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-15 13:32 - 2012-06-26 18:06 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-08-15 13:32 - 2012-06-26 18:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-08-15 13:26 - 2014-07-15 21:54 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 13:22 - 2012-01-20 18:42 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 13:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-15 13:16 - 2014-07-16 12:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-06 22:06 - 2014-08-15 11:12 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 11:12 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-03 10:45 - 2013-05-07 18:47 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Skype
2014-08-03 10:06 - 2014-08-03 10:06 - 00000000 ____D () C:\Users\Arthur\Desktop\Tor Browser
2014-08-03 10:04 - 2014-08-03 10:04 - 27239623 _____ () C:\Users\Arthur\Downloads\torbrowser-install-3.6.3_en-US.exe
2014-08-03 10:04 - 2014-08-03 10:03 - 01010912 _____ (Jitbit Software ) C:\Users\Arthur\Downloads\MacroRecorderSetup.exe
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ___RD () C:\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-03 09:39 - 2013-05-07 18:47 - 00000000 ____D () C:\ProgramData\Skype
2014-08-03 09:37 - 2014-08-03 09:37 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Arthur\Downloads\SkypeSetup (1).exe
2014-07-31 19:41 - 2014-08-15 11:13 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-15 11:13 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-07-27 12:09 - 2012-06-26 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-07-27 11:56 - 2012-01-20 18:05 - 00062840 _____ () C:\Users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-25 14:15 - 2014-07-24 12:35 - 00000040 _____ () C:\Users\Arthur\Desktop\am.txt
2014-07-25 13:53 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-07-25 13:06 - 2013-08-11 15:29 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Razer
2014-07-25 13:05 - 2012-01-20 20:53 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-07-25 13:02 - 2014-07-25 13:02 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Razer_Inc
2014-07-25 12:35 - 2014-07-25 12:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-07-25 12:34 - 2014-07-25 12:34 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2014-07-25 12:33 - 2012-01-20 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-07-25 12:20 - 2013-08-11 15:26 - 00000000 ____D () C:\ProgramData\Razer
2014-07-25 12:15 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\VS
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2014-07-25 11:55 - 2012-06-26 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-25 10:52 - 2014-08-15 11:13 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-15 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-15 11:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-15 11:13 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-15 11:13 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-15 11:13 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-15 11:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-15 11:13 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-15 11:13 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-15 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-15 11:13 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-15 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-15 11:13 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-15 11:13 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-15 11:13 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-15 11:13 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-15 11:13 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-15 11:13 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-15 11:13 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-15 11:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-15 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-15 11:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-15 11:13 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-15 11:13 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-15 11:13 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-15 11:13 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-15 11:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-15 11:13 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-15 11:13 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-15 11:13 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-15 11:13 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-15 11:13 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-15 11:13 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-15 11:13 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-15 11:13 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-15 11:13 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-15 11:13 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-15 11:13 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-15 11:13 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-15 11:13 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-15 11:13 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-15 11:13 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-15 11:13 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-15 11:13 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-15 11:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-15 11:13 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-15 11:13 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-15 11:13 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-15 11:13 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-15 11:13 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-15 11:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-15 11:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-15 11:13 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-15 11:13 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
 
Some content of TEMP:
====================
C:\Users\Arthur\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-18 13:36
 
==================== End Of Log ============================
 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Java™ 6 Update 35  
 Java version out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

  • 0
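To triage FRST file listings like the ones above without reading hundreds of lines by eye, here is an added Python example (my own code, not part of this thread and not FRST's own tooling). It parses the `<timestamp> - <timestamp> - <size> <attrs> (<company>) <path>` layout of the "One Month Created/Modified" sections and flags executables whose company field is empty and which live in user-writable folders. The sample lines are copied from the log above; the empty-company heuristic is my own triage hint, not something FRST reports, and an empty field only means the binary carries no version resource, not that it is malicious.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# FRST prints two timestamps per entry; which one is "created" and which is
# "modified" depends on the section heading, so they are kept generically here.
FRST_LINE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) \((?P<company>[^)]*)\) (?P<path>.+?)\s*$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".bat", ".cmd", ".ocx"}
# Locations an ordinary user (or a dropper running as that user) can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class FrstEntry:
    first: datetime
    second: datetime
    size: int
    attrs: str      # five flag characters, e.g. _____, ____D, ___RD, RSHOT
    company: str    # contents of the (...) field, empty when no version info
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        dot = self.path.rfind(".")
        return (not self.is_dir) and dot != -1 and self.path[dot:].lower() in EXEC_EXT


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Return an FrstEntry for a file/folder line, or None for any other text."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return FrstEntry(
        first=datetime.strptime(m["first"], "%Y-%m-%d %H:%M"),
        second=datetime.strptime(m["second"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"].strip(),   # FRST leaves e.g. "(Jitbit Software )"
        path=m["path"],
    )


def parse_frst_section(text: str) -> List[FrstEntry]:
    entries = []
    for line in text.splitlines():
        entry = parse_frst_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def unattributed_executables(entries: List[FrstEntry]) -> List[FrstEntry]:
    """Executables with no company name, sitting in a user-writable location.
    This is a triage hint (assumed heuristic), not a verdict."""
    return [
        e for e in entries
        if e.is_executable and not e.company
        and any(tag in e.path.lower() for tag in USER_WRITABLE)
    ]


# Constructed sample: a handful of lines copied from the FRST log above, plus one
# of FRST's own comment lines to show that non-entry text is skipped.
SAMPLE = r"""
2014-08-15 11:13 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-03 10:06 - 2014-08-03 10:06 - 00000000 ____D () C:\Users\Arthur\Desktop\Tor Browser
2014-08-03 10:04 - 2014-08-03 10:04 - 27239623 _____ () C:\Users\Arthur\Downloads\torbrowser-install-3.6.3_en-US.exe
2014-08-03 10:03 - 2014-08-03 10:04 - 01010912 _____ (Jitbit Software ) C:\Users\Arthur\Downloads\MacroRecorderSetup.exe
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\winstart.bat
2014-08-24 12:15 - 2014-08-24 12:15 - 00854417 _____ () C:\Users\Arthur\Desktop\SecurityCheck.exe
(If an entry is included in the fixlist, the file\folder will be moved.)
"""

if __name__ == "__main__":
    for e in unattributed_executables(parse_frst_section(SAMPLE)):
        print(f"{e.first:%Y-%m-%d %H:%M}  {e.size:>9}  {e.path}")
```

Run it against a full FRST.txt by reading the file into `parse_frst_section`; the two flagged paths in the sample are both tools the user knowingly downloaded, which is exactly why the output is a starting list for a human, not a deletion list.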

#24
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Logs looked real good. I would like to do a final scan to ensure there is nothing lurking about.

 

ESET Online Scanner and Post Results

Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable it once the scan is done. I believe on the taskbar, you right-click the Norton icon and then click Disable AntiVirus Auto-Protect or something similar. Instructions for doing this on many AVs are here.

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time, depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the contents of the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
    Note: Copy/Paste the contents of the log.txt file BEFORE going on to the next step or the log file will be removed.
  • Also be sure to check Uninstall Application on Close before clicking finish.
  • Paste that log as a part of your next post.

 

 

 

Items for your next post

1. Contents of the ESET log file


  • 0

#25
kingkeef

kingkeef

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=186582faa32fa546933545771508451e
# engine=19829
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-25 03:31:40
# local_time=2014-08-25 11:31:40 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 160524150 0 0
# scanned=229966
# found=6
# cleaned=0
# scan_time=6420
sh=8BFB50724277A7636466DDA626A4B088D7E69C36 ft=1 fh=0df29651cde52871 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Arthur\Downloads\ESEAClientInstall (1).exe"
sh=F375973874412E7212E7E758F377E3613670C3A7 ft=1 fh=978cbda8117b5c30 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Arthur\Downloads\ESEAClientInstall (2).exe"
sh=8BFB50724277A7636466DDA626A4B088D7E69C36 ft=1 fh=0df29651cde52871 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Arthur\Downloads\ESEAClientInstall.exe"
sh=61DF4AE26E9110636F32AB6025A394AB252DCD39 ft=0 fh=0000000000000000 vn="a variant of MSIL/Packed.NetShrink.B trojan" ac=I fn="C:\Users\Arthur\Downloads\InstaFlow Gold 3.9.5.0.rar"
sh=366448A99BB9D9222A5BFC968F599F8C9D8E5B0D ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.NoobyProtect.D potentially unwanted application" ac=I fn="C:\Users\Arthur\Downloads\xClient_v1.0_Build_v3.7.zip"
sh=BA9DB3B37AD17BF80DE699D6C98BC60CB65BB6F7 ft=1 fh=da0aadca8740f563 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Windows\libmem.dll"
 
 
 
ehh.. ESEA is safe lol

  • 0
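To make the ESET Online Scanner log above easier to read, here is an added Python example (my own code, not from ESET and not part of this thread). It parses the `# key=value` header and the `sh=... ft=... fh=... vn="..." ac=... fn="..."` detection lines, checks that the header's `found` count matches the number of detection lines, groups detections into severity buckets, and spots one SHA-1 stored under several file names (in the log above `ESEAClientInstall (1).exe` and `ESEAClientInstall.exe` share a hash, so they are the same file downloaded twice). The severity buckets are my own keyword mapping over the verdict text, not ESET's classification; the sample log is constructed from lines of the post above.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

HEADER = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
DETECTION = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$'
)


class Detection(NamedTuple):
    sha1: str       # sh= field, normalised to upper case
    verdict: str    # vn= field, ESET's detection name
    path: str       # fn= field
    file_type: int  # ft= field (kept as reported, meaning not interpreted here)
    action: str     # ac= field (kept as reported)

    @property
    def severity(self) -> str:
        """Assumed keyword mapping over the verdict text (not ESET's own scheme)."""
        v = self.verdict.lower()
        if "potentially unwanted" in v:
            return "pua"
        if "potentially unsafe" in v:
            return "unsafe"
        if any(word in v for word in ("trojan", "worm", "virus", "backdoor")):
            return "malware"
        return "other"


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            header[m["key"]] = m["value"]
            continue
        m = DETECTION.match(line)
        if m:
            detections.append(Detection(m["sh"].upper(), m["vn"], m["fn"],
                                        int(m["ft"]), m["ac"]))
    return header, detections


def header_consistent(header: Dict[str, str], detections: List[Detection]) -> bool:
    """True when the header's found= count equals the number of detection lines."""
    try:
        return int(header["found"]) == len(detections)
    except (KeyError, ValueError):
        return False


def by_severity(detections: List[Detection]) -> Dict[str, List[str]]:
    buckets: Dict[str, List[str]] = defaultdict(list)
    for d in detections:
        buckets[d.severity].append(d.path)
    return dict(buckets)


def duplicate_hashes(detections: List[Detection]) -> Dict[str, List[str]]:
    """SHA-1 values that appear under more than one path (same content, several names)."""
    paths: Dict[str, List[str]] = defaultdict(list)
    for d in detections:
        paths[d.sha1].append(d.path)
    return {h: p for h, p in paths.items() if len(p) > 1}


# Constructed sample: header and detection lines taken from the log posted above.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
# product=EOS
# version=8
# end=finished
# remove_checked=false
# compatibility_mode_1=''
# scanned=229966
# found=6
# cleaned=0
sh=8BFB50724277A7636466DDA626A4B088D7E69C36 ft=1 fh=0df29651cde52871 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Arthur\Downloads\ESEAClientInstall (1).exe"
sh=F375973874412E7212E7E758F377E3613670C3A7 ft=1 fh=978cbda8117b5c30 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Arthur\Downloads\ESEAClientInstall (2).exe"
sh=8BFB50724277A7636466DDA626A4B088D7E69C36 ft=1 fh=0df29651cde52871 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Arthur\Downloads\ESEAClientInstall.exe"
sh=61DF4AE26E9110636F32AB6025A394AB252DCD39 ft=0 fh=0000000000000000 vn="a variant of MSIL/Packed.NetShrink.B trojan" ac=I fn="C:\Users\Arthur\Downloads\InstaFlow Gold 3.9.5.0.rar"
sh=366448A99BB9D9222A5BFC968F599F8C9D8E5B0D ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.NoobyProtect.D potentially unwanted application" ac=I fn="C:\Users\Arthur\Downloads\xClient_v1.0_Build_v3.7.zip"
sh=BA9DB3B37AD17BF80DE699D6C98BC60CB65BB6F7 ft=1 fh=da0aadca8740f563 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Windows\libmem.dll"
"""

if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print("header consistent:", header_consistent(hdr, dets))
    for sev, paths in by_severity(dets).items():
        print(sev, "->", *paths, sep="\n  ")
    for sha1, paths in duplicate_hashes(dets).items():
        print("same content under several names:", sha1, paths)
```

Feed a real `log.txt` into `parse_eset_log` and look at the `malware` bucket first; in the sample it holds exactly one path, the `.rar` the helper recommends deleting, while the packer-based "potentially unwanted application" hits are the kind of entry that needs a human decision.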



#26
kingkeef

kingkeef

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

norton marked steamguard.exe as safe :( WHYYYY


  • 0

#27
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Where is the steamguard.exe? Are you saying you have it somewhere on your computer that you can see?

 

One file to remove and your computer is clean! Since you have already changed your steam password I think that's the best you can do and it was smart to do it immediately. I have some final steps and recommendations below.

 

Step#1 - Delete one File

I suggest you delete C:\Users\Arthur\Downloads\InstaFlow Gold 3.9.5.0.rar. You may want to periodically purge your downloads folder as well.

 

Step#2 - Clean Up!
 

We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
Download Delfix from here.
 

  • Ensure "Remove disinfection tools" is checked.
  • Ensure "Create registry backup" is checked.
  • Ensure "Reset system settings" is checked.
  • Note: I see you have UAC disabled. We recommend enabling this as it provides an extra layer of security. If you wish to do so, please check Activate UAC as well.
  • Click Run.
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

Capture.JPG

 
Step#3 - Windows Updates

Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.
Windows Update.JPG

4. Click on Change Settings.
CheckForUpdates.JPG

5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
WUChangeSettings.JPG

6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.

 
Step#4 - Keeping Programs Updated

You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
Another alternative and popular software program for keeping your programs current is FileHippo Update Checker. Some people prefer this one.
 
1. Please download FileHippo update checker from here and save to your desktop.
2. Double-click the FHSetup.exe file that was downloaded and accept all the defaults to install the program.
3. The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    Once updates are found you will see information from your task bar as follows. If you click on this informational message you will be taken to a website showing the programs that you have that are outdated, and links will be provided to the updates.
Capture.JPG

 

 
Step#5 - Keeping JAVA Updated

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run an important piece of software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
It appears you know how to keep Java updated so I'll just recommend that you uninstall Java™ 6 Update 35 unless you have a specific reason not to. You already have the current one installed as well.
 
Step#6 - Keep Adobe Reader Updated
Check to see what the latest major version of Adobe Reader is here. The full version is something like 11.0.06 for example but the major version is just the first number before the period so 11 in this case or XI.

Verify what version you have by doing the following.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Select About Adobe Reader

If your major version matches the major version from Adobe then perform the following steps.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Click Check for Updates
4. Allow any Updates to be downloaded and installed
5. If asked to reboot, please do.
6. Repeat these steps until you are told that no updates are available.

If your major version is lower than the major version from Adobe then perform the following steps.
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.

NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.

NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 
OK, all the best, and stay safe!
 

 

Items for your Next Post
1. Contents of the Delfix log.


  • 0

#28
kingkeef

kingkeef

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
# DelFix v10.8 - Logfile created 25/08/2014 at 17:54:53
# Updated 29/07/2014 by Xplode
# Username : Arthur - ARTHUR-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Arthur\Desktop\FRST-OlderVersion
Deleted : C:\Users\Arthur\Desktop\mbar
Deleted : C:\Info.txt
Deleted : C:\Users\Arthur\Desktop\Addition.txt
Deleted : C:\Users\Arthur\Desktop\AdwCleaner.exe
Deleted : C:\Users\Arthur\Desktop\Fixlog.txt
Deleted : C:\Users\Arthur\Desktop\FRST.txt
Deleted : C:\Users\Arthur\Desktop\FRST64.exe
Deleted : C:\Users\Arthur\Desktop\JRT.txt
Deleted : C:\Users\Arthur\Desktop\SecurityCheck.exe
Deleted : C:\Users\Arthur\Downloads\AdwCleaner.exe
Deleted : C:\Users\Arthur\Downloads\FRST64.exe
Deleted : C:\Users\Arthur\Downloads\JRT.exe
Deleted : C:\Users\Arthur\Downloads\OTL (1).exe
Deleted : C:\Users\Arthur\Downloads\OTL.exe
Deleted : C:\Users\Arthur\Downloads\script_public.user.js
Deleted : C:\Users\Arthur\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
 
 
Thanks, really appreciate your help. Any way I can donate/tip you? I'll come back if any problems persist.

Edited by kingkeef, 25 August 2014 - 03:55 PM.

  • 0

#29
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem. My help is always free but I appreciate the thought. You may always provide feedback here if you wish. http://www.geekstogo...to-go-feedback/

 

Take care and be safe.

 


  • 0

#30
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

