steamguard.exe phishing virus [Solved]
#1
Posted 20 August 2014 - 10:11 AM
I was tricked into downloading a file named steamguard.exe (nothing happened when running the file) and my computer seems a lot slower. I tried running MBAM and it did not pick up anything. Upon reading up on this, it seems it grabs some SSFN file and gives it to the host, but I just want to make sure I'm not infected with any keyloggers, etc. I've changed my Steam password.
#2
Posted 20 August 2014 - 05:27 PM
Hi. My name is Brian. Let's take a look and see if you are infected.
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.
- General Instructions -
- Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
- I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
- Any fixes provided by myself are for this log file only and should not be used on any other systems.
- Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
- You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
- Please feel free to ask any questions, especially if you are having problems with my instructions.
- Save ALL Tools to your Desktop-
All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
- Finally Before We Start-
Removing malware is a complicated multi-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Fresh Set of Logs Needed
Let's begin. Please follow the steps below.
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
2. Right click on the file and select Run as administrator (If you don't have this option simply double-click the file to open). When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop).
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.
Items for your next post
1. Contents of the FRST log.
2. Contents of the Addition log.
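As an added example (not from this thread, the helper, or Farbar's tool), a small Python script that reads the Processes, Services and Drivers sections of an FRST.txt in the line format shown later in this thread and pulls out the entries a log reviewer looks at first: an image file that no longer exists ("[X]"), an image marked "[File not signed]", an empty publisher "()", a driver or service loading from a Temp or Downloads folder, or a .sys sitting directly under the Windows directory instead of System32\drivers. The sample log embedded below is constructed from the thread's line format and is not the full log; the section names, regexes and flagging heuristics are my own assumptions about the format, and a flagged line is a prompt to look closer (check the file on disk, its signature and its install history), not a verdict that it is malicious.

```python
"""Flag the FRST.txt entries a reviewer would triage first.

Added example, not part of the forum thread or of Farbar's tool.
Parses Processes / Services / Drivers lines in the FRST format and
returns a list of findings with the reason(s) each entry was flagged.
"""
import re

# Section header, e.g. "==================== Services (Whitelisted) ================="
HEADER_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# Process line, e.g. "(Intel Corporation) C:\Windows\System32\hkcmd.exe"
PROCESS_RE = re.compile(r"^\((?P<pub>.*?)\)\s+(?P<path>[A-Za-z]:\\.*)$")
# Service/driver line: "<state> <name>; <path> [<size> <date>] (<publisher>) [<flag>]"
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
REST_RE = re.compile(
    r"^(?P<path>.*?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<pub>[^()]*)\))?"          # publishers with nested parens are not parsed
    r"(?:\s+\[(?P<flag>[^\]]+)\])?$"
)
# Heuristics (assumptions, not FRST semantics): user-writable locations and
# a .sys directly under the Windows directory rather than System32\drivers.
TEMP_RE = re.compile(r"\\(temp|tmp|downloads)\\", re.IGNORECASE)
WINROOT_SYS_RE = re.compile(r"^(\\\?\?\\)?[a-z]:\\windows\\[^\\]+\.sys$", re.IGNORECASE)


def reasons_for(path, pub, flag):
    """Return the list of reasons an entry deserves a closer look (empty if none)."""
    reasons = []
    if flag == "X":
        reasons.append("image file missing ([X]): orphaned registry entry or removed file")
    if flag == "File not signed":
        reasons.append("image file is not signed")
    if pub == "":                      # "()" present but empty: no publisher in version info
        reasons.append("no publisher in version info")
    if path and TEMP_RE.search(path):
        reasons.append("loads from a Temp or Downloads folder")
    if path and WINROOT_SYS_RE.match(path):
        reasons.append("driver sits directly under the Windows directory, not System32\\drivers")
    return reasons


def review_frst(text):
    """Parse an FRST log and return findings as dicts: section, name, path, reasons."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header.group("name").replace("(Whitelisted)", "").strip()
            continue
        if section == "Processes":
            m = PROCESS_RE.match(line)
            if m:
                reasons = reasons_for(m.group("path"), m.group("pub"), None)
                if reasons:
                    findings.append({"section": section, "path": m.group("path"),
                                     "name": m.group("path").rsplit("\\", 1)[-1],
                                     "reasons": reasons})
        elif section in ("Services", "Drivers"):
            m = SERVICE_RE.match(line)
            if not m:
                continue
            rest = REST_RE.match(m.group("rest"))
            path, pub, flag = rest.group("path"), rest.group("pub"), rest.group("flag")
            reasons = reasons_for(path, pub, flag)
            if not path:               # "U2 SomeService;" with nothing after it
                reasons.append("no image path recorded (stale registry entry)")
            if reasons:
                findings.append({"section": section, "name": m.group("name").strip(),
                                 "path": path, "reasons": reasons})
    return findings


# Constructed sample in the thread's line format (a handful of lines, not the full log).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
==================== Services (Whitelisted) =================
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-09-30] (Realtek Semiconductor Corp.) [File not signed]
R2 UTSCSI; C:\windows\SysWOW64\UTSCSI.EXE [45056 2014-06-27] () [File not signed]
==================== Drivers (Whitelisted) ====================
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 cpuz135; \??\C:\windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 ESEADriver2; \??\C:\Users\Arthur\AppData\Local\Temp\ESEADriver2.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
U2 CLKMSVC10_3A60B698;
==================== One Month Created Files and Folders ========
2014-08-21 13:06 - 2014-08-21 13:11 - 04133552 _____ () C:\Users\Arthur\Desktop\FRST.txt
"""

if __name__ == "__main__":
    for f in review_frst(SAMPLE_LOG):
        print(f"[{f['section']}] {f['name']}: {f['path'] or '<no path>'}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run it against a real FRST.txt with `review_frst(open("FRST.txt", encoding="utf-8", errors="replace").read())`; the `errors="replace"` matters because, as this thread shows, a log can contain long runs of non-text bytes. Signed, well-known vendor entries drop out, and what remains is the short list to verify by hand.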
#3
Posted 21 August 2014 - 11:28 AM
I was not able to post the FRST file without my computer freezing :\ I uploaded it on mediafire: http://www.mediafire...or2ez0/FRST.txt
Here's the addition.txt
#4
Posted 21 August 2014 - 12:41 PM
When I click on your link I get an Access Denied message. Can you attach the file instead of pasting it in this post? It's not recommended but in this instance is OK.
You can click on the "More Reply Options" button which is next to the Post button. When you do this you will see an Attach Files area.
Please let me know.
#5
Posted 21 August 2014 - 12:49 PM
EDIT: This file was too big to upload
Lol it's nearly 4 MB, what the [bleep]
Edited by kingkeef, 21 August 2014 - 12:50 PM.
#6
Posted 21 August 2014 - 12:54 PM
#7
Posted 21 August 2014 - 01:00 PM
One of my peers has shown me how to get the file from MediaFire. I'm reviewing it and will be back with you. Thank you!
#8
Posted 22 August 2014 - 11:09 AM
I just wanted to check in and let you know we are still working on your issue. I did have three questions however.
1. Is Chrome your Primary browser that you use?
2. Do you utilize bookmarks in Chrome?
3. Do you use the Windows Live Photo Gallery as far as you know?
Please let me know. Lastly I'm going to post your log below since it will be easier to research and provide a better historical record than having it referenced at an external site like MediaFire.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Arthur (administrator) on ARTHUR-PC on 21-08-2014 13:06:40
Running from C:\Users\Arthur\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9437600 2014-07-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5315488 2014-07-02] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2034252377-2309476039-309546250-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2034252377-2309476039-309546250-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\S-1-5-21-2034252377-2309476039-309546250-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [246592 2012-05-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [202048 2012-05-15] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...NN_enUS468US468
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...NN_enUS468US468
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Users\Arthur\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFF [2014-08-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2014-08-21]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
Chrome:
=======
CHR HomePage: hxxp://google.com/
CHR StartupUrls: "hxxp://google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Liveà <------------these funky characters go on for over 1.8 million characters and would not post so I truncated those Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-08-13]
CHR Extension: (Google Wallet) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-08-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [529024 2010-04-15] (Cisco Consumer Products LLC)
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-09-30] (Realtek Semiconductor Corp.) [File not signed]
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32984 2013-07-31] (Razer)
S2 SkypeUpdate; C:\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 UTSCSI; C:\windows\SysWOW64\UTSCSI.EXE [45056 2014-06-27] () [File not signed]
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-03-23] (Ralink Technology Corp.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-08-01] (Symantec Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-19] (Symantec Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20140819.001\IDSvia64.sys [525016 2014-08-19] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140820.002\ENG64.SYS [126040 2014-08-19] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140820.002\EX64.SYS [2099288 2014-08-19] (Symantec Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-05-19] (Razer Inc)
S3 RzDxgk; C:\windows\system32\drivers\RzDxgk.sys [128984 2013-07-31] (Razer USA Ltd)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74456 2013-07-31] (Razer USA Ltd)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31400 2014-05-19] (Razer Inc)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
S3 cpuz135; \??\C:\windows\TEMP\cpuz135\cpuz135_x64.sys [X]
U2 DriverService;
S3 ESEADriver2; \??\C:\Users\Arthur\AppData\Local\Temp\ESEADriver2.sys [X]
U2 IAStorDataMgrSvc;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U0 Partizan; system32\drivers\Partizan.sys [X]
U2 PCCarerServic;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 SoftwareService;
U2 Stereo Service;
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va017; \??\C:\windows\SysWOW64\Drivers\X6va017 [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-21 13:06 - 2014-08-21 13:11 - 04133552 _____ () C:\Users\Arthur\Desktop\FRST.txt
2014-08-21 13:06 - 2014-08-21 13:05 - 02101760 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2014-08-21 13:05 - 2014-08-21 13:06 - 00000000 ____D () C:\FRST
2014-08-21 13:05 - 2014-08-21 13:05 - 02101760 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64.exe
2014-08-20 12:22 - 2014-08-20 12:22 - 00001039 _____ () C:\Users\Arthur\Desktop\JRT.txt
2014-08-20 12:14 - 2014-08-20 12:14 - 00000000 ____D () C:\windows\ERUNT
2014-08-20 12:13 - 2014-08-20 12:13 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT.exe
2014-08-19 20:06 - 2014-08-21 11:30 - 00000392 _____ () C:\windows\setupact.log
2014-08-19 20:06 - 2014-08-19 20:06 - 00000000 _____ () C:\windows\setuperr.log
2014-08-19 20:05 - 2014-08-19 20:05 - 00004122 _____ () C:\windows\PFRO.log
2014-08-19 19:20 - 2014-08-19 19:20 - 89636864 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 05275648 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00032768 _____ () C:\windows\system32\config\SAM.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00028672 _____ () C:\windows\system32\config\SECURITY.iobit
2014-08-19 19:13 - 2014-08-19 19:13 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Tific
2014-08-19 18:34 - 2014-08-19 18:34 - 00000085 _____ () C:\windows\wininit.ini
2014-08-19 18:30 - 2014-08-19 18:30 - 00000000 ____D () C:\Users\Arthur\AppData\Local\PreEmptive Solutions
2014-08-19 18:06 - 2014-08-19 18:06 - 01696192 _____ (ESET) C:\Users\Arthur\Downloads\eset_nod32_antivirus_live_installer.exe
2014-08-19 17:30 - 2014-08-19 17:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 17:29 - 2014-08-19 17:38 - 00000000 ____D () C:\Users\Arthur\Desktop\mbar
2014-08-19 17:28 - 2014-08-19 17:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Arthur\Downloads\mbar-1.07.0.1012.exe
2014-08-19 17:20 - 2014-08-19 17:20 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL (1).exe
2014-08-19 17:11 - 2014-08-19 17:11 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL.exe
2014-08-19 16:43 - 2014-08-19 20:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 16:43 - 2014-08-19 16:43 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-08-19 16:41 - 2014-08-19 16:42 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Arthur\Downloads\spybot-2.4.exe
2014-08-19 16:39 - 2014-08-19 18:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 16:39 - 2014-08-19 18:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-19 16:37 - 2014-08-19 16:38 - 16409960 _____ (Safer Networking Limited ) C:\Users\Arthur\Downloads\spybotsd162.exe
2014-08-19 16:30 - 2014-08-19 18:32 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-08-19 16:30 - 2014-08-19 16:32 - 00000000 ____D () C:\Users\Arthur\Documents\RegRun2
2014-08-19 16:30 - 2014-08-19 16:30 - 15790435 _____ () C:\Users\Arthur\Downloads\unhackme.zip
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\winstart.bat
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\CONFIG.NT
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\AUTOEXEC.NT
2014-08-19 16:27 - 2014-08-19 16:28 - 00000000 ____D () C:\Users\Arthur\AppData\Local\NPE
2014-08-19 16:27 - 2014-08-19 16:27 - 03077584 ____N (Symantec Corporation) C:\Users\Arthur\Downloads\NPE.exe
2014-08-19 16:10 - 2014-08-19 18:09 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 16:10 - 2014-08-19 17:30 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-18 15:39 - 2014-08-18 15:39 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Windows Live
2014-08-15 13:17 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-15 13:17 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-15 13:17 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-15 13:17 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-15 13:17 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-15 13:17 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-15 13:16 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-15 13:16 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-15 11:14 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-15 11:14 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-15 11:14 - 2014-07-08 18:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-15 11:14 - 2014-07-08 18:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-15 11:13 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-15 11:13 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-15 11:13 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-15 11:13 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-15 11:13 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-15 11:13 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-15 11:13 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-15 11:13 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-15 11:13 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-15 11:13 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-15 11:13 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-15 11:13 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-15 11:13 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-15 11:13 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-15 11:13 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-15 11:13 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-15 11:13 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-15 11:13 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-15 11:13 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 11:13 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-15 11:13 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-15 11:13 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-15 11:13 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-15 11:13 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-15 11:13 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-15 11:13 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 11:13 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-15 11:13 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-15 11:13 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-15 11:13 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-15 11:13 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-15 11:13 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-15 11:13 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-15 11:13 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-15 11:13 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-15 11:13 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-15 11:13 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-15 11:13 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-15 11:13 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 11:13 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-15 11:13 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-15 11:13 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-15 11:13 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-15 11:13 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-15 11:13 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-15 11:13 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-15 11:13 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-15 11:13 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-15 11:13 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-15 11:13 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-15 11:13 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-15 11:13 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-15 11:13 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-15 11:13 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-15 11:13 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-15 11:13 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-15 11:13 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-15 11:13 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-15 11:13 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-15 11:13 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-15 11:13 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-15 11:13 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-15 11:13 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-15 11:13 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-15 11:13 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-15 11:13 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-15 11:13 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-15 11:13 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-15 11:13 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-15 11:12 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 11:12 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-15 11:12 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-15 11:12 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-03 10:06 - 2014-08-03 10:06 - 00000000 ____D () C:\Users\Arthur\Desktop\Tor Browser
2014-08-03 10:04 - 2014-08-03 10:04 - 27239623 _____ () C:\Users\Arthur\Downloads\torbrowser-install-3.6.3_en-US.exe
2014-08-03 10:03 - 2014-08-03 10:04 - 01010912 _____ (Jitbit Software ) C:\Users\Arthur\Downloads\MacroRecorderSetup.exe
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ___RD () C:\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-03 09:37 - 2014-08-03 09:37 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Arthur\Downloads\SkypeSetup (1).exe
2014-08-02 18:58 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-02 18:58 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-02 18:58 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-02 18:58 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-02 18:57 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-02 18:57 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-02 18:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-02 18:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-02 18:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-02 18:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-07-25 13:02 - 2014-07-25 13:02 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Razer_Inc
2014-07-25 12:35 - 2014-07-25 12:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-07-25 12:34 - 2014-07-25 12:34 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\VS
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2014-07-25 09:40 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-07-25 09:40 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-07-24 12:35 - 2014-07-25 14:15 - 00000040 _____ () C:\Users\Arthur\Desktop\am.txt
2014-07-24 11:21 - 2012-05-15 07:13 - 00144896 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2014-07-24 11:21 - 2012-05-15 06:20 - 00104448 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2014-07-24 11:17 - 2014-07-24 11:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-07-24 11:17 - 2014-07-24 11:17 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-24 11:12 - 2014-07-24 11:13 - 94972064 _____ (Intel® Corporation) C:\Users\Arthur\Downloads\Wireless_16.7.0_s64.exe
2014-07-24 11:12 - 2014-07-24 11:13 - 145417920 _____ (Intel Corporation) C:\Users\Arthur\Downloads\Win64_152822.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-24 10:51 - 2013-04-17 20:20 - 00026432 _____ (IObit) C:\windows\system32\RegistryDefragBootTime.exe
2014-07-22 10:20 - 2014-07-22 10:20 - 00000000 __RHD () C:\MSOCache
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-21 13:11 - 2014-08-21 13:06 - 04133552 _____ () C:\Users\Arthur\Desktop\FRST.txt
2014-08-21 13:10 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 13:10 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 13:06 - 2014-08-21 13:05 - 00000000 ____D () C:\FRST
2014-08-21 13:05 - 2014-08-21 13:06 - 02101760 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2014-08-21 13:05 - 2014-08-21 13:05 - 02101760 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64.exe
2014-08-21 12:27 - 2012-01-20 20:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-21 12:27 - 2011-11-06 00:11 - 01257863 _____ () C:\windows\WindowsUpdate.log
2014-08-21 12:23 - 2011-11-06 01:00 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 11:38 - 2009-07-14 01:13 - 00876932 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-21 11:31 - 2011-11-06 01:00 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 11:31 - 2011-11-06 00:50 - 00117617 _____ () C:\windows\system32\fastboot.set
2014-08-21 11:31 - 2011-11-06 00:49 - 01162775 _____ () C:\FaceProv.log
2014-08-21 11:31 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-21 11:30 - 2014-08-19 20:06 - 00000392 _____ () C:\windows\setupact.log
2014-08-20 15:14 - 2012-01-20 22:50 - 00000000 ____D () C:\Users\Arthur\AppData\Local\CrashDumps
2014-08-20 12:22 - 2014-08-20 12:22 - 00001039 _____ () C:\Users\Arthur\Desktop\JRT.txt
2014-08-20 12:14 - 2014-08-20 12:14 - 00000000 ____D () C:\windows\ERUNT
2014-08-20 12:13 - 2014-08-20 12:13 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT.exe
2014-08-20 10:49 - 2012-05-27 15:09 - 00000000 ____D () C:\Users\Arthur\Documents\Youcam
2014-08-20 08:45 - 2009-07-14 00:45 - 00311168 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-19 21:08 - 2012-06-26 17:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-08-19 20:06 - 2014-08-19 20:06 - 00000000 _____ () C:\windows\setuperr.log
2014-08-19 20:05 - 2014-08-19 20:05 - 00004122 _____ () C:\windows\PFRO.log
2014-08-19 20:05 - 2014-08-19 16:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 19:20 - 2014-08-19 19:20 - 89636864 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 05275648 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00032768 _____ () C:\windows\system32\config\SAM.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00028672 _____ () C:\windows\system32\config\SECURITY.iobit
2014-08-19 19:20 - 2012-01-20 18:03 - 00000000 ____D () C:\Users\Arthur
2014-08-19 19:13 - 2014-08-19 19:13 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Tific
2014-08-19 18:34 - 2014-08-19 18:34 - 00000085 _____ () C:\windows\wininit.ini
2014-08-19 18:34 - 2014-08-19 16:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 18:33 - 2014-08-19 16:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-19 18:32 - 2014-08-19 16:30 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-08-19 18:30 - 2014-08-19 18:30 - 00000000 ____D () C:\Users\Arthur\AppData\Local\PreEmptive Solutions
2014-08-19 18:09 - 2014-08-19 16:10 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 18:06 - 2014-08-19 18:06 - 01696192 _____ (ESET) C:\Users\Arthur\Downloads\eset_nod32_antivirus_live_installer.exe
2014-08-19 17:38 - 2014-08-19 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 17:38 - 2014-08-19 17:29 - 00000000 ____D () C:\Users\Arthur\Desktop\mbar
2014-08-19 17:30 - 2014-08-19 16:10 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-19 17:28 - 2014-08-19 17:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Arthur\Downloads\mbar-1.07.0.1012.exe
2014-08-19 17:20 - 2014-08-19 17:20 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL (1).exe
2014-08-19 17:11 - 2014-08-19 17:11 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL.exe
2014-08-19 16:43 - 2014-08-19 16:43 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-08-19 16:42 - 2014-08-19 16:41 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Arthur\Downloads\spybot-2.4.exe
2014-08-19 16:38 - 2014-08-19 16:37 - 16409960 _____ (Safer Networking Limited ) C:\Users\Arthur\Downloads\spybotsd162.exe
2014-08-19 16:36 - 2012-02-24 19:15 - 00000000 ___RD () C:\Users\Arthur\Desktop\Unused Desktop Items
2014-08-19 16:32 - 2014-08-19 16:30 - 00000000 ____D () C:\Users\Arthur\Documents\RegRun2
2014-08-19 16:30 - 2014-08-19 16:30 - 15790435 _____ () C:\Users\Arthur\Downloads\unhackme.zip
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\winstart.bat
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\CONFIG.NT
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\AUTOEXEC.NT
2014-08-19 16:28 - 2014-08-19 16:27 - 00000000 ____D () C:\Users\Arthur\AppData\Local\NPE
2014-08-19 16:27 - 2014-08-19 16:27 - 03077584 ____N (Symantec Corporation) C:\Users\Arthur\Downloads\NPE.exe
2014-08-19 16:27 - 2012-01-20 18:17 - 00000000 ____D () C:\ProgramData\Norton
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2012-07-12 20:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 16:10 - 2012-07-12 20:41 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Malwarebytes
2014-08-19 16:10 - 2012-07-12 20:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 15:36 - 2009-07-14 01:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-18 15:39 - 2014-08-18 15:39 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Windows Live
2014-08-17 11:28 - 2011-11-06 01:01 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-08-17 10:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-15 13:32 - 2012-06-26 18:06 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-08-15 13:32 - 2012-06-26 18:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-08-15 13:26 - 2014-07-15 21:54 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 13:22 - 2012-01-20 18:42 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 13:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-15 13:16 - 2014-07-16 12:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-06 22:06 - 2014-08-15 11:12 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 11:12 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-03 10:45 - 2013-05-07 18:47 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Skype
2014-08-03 10:06 - 2014-08-03 10:06 - 00000000 ____D () C:\Users\Arthur\Desktop\Tor Browser
2014-08-03 10:04 - 2014-08-03 10:04 - 27239623 _____ () C:\Users\Arthur\Downloads\torbrowser-install-3.6.3_en-US.exe
2014-08-03 10:04 - 2014-08-03 10:03 - 01010912 _____ (Jitbit Software ) C:\Users\Arthur\Downloads\MacroRecorderSetup.exe
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ___RD () C:\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-03 09:39 - 2013-05-07 18:47 - 00000000 ____D () C:\ProgramData\Skype
2014-08-03 09:37 - 2014-08-03 09:37 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Arthur\Downloads\SkypeSetup (1).exe
2014-07-31 19:41 - 2014-08-15 11:13 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-15 11:13 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-07-27 12:09 - 2012-06-26 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-07-27 11:56 - 2012-01-20 18:05 - 00062840 _____ () C:\Users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-25 14:15 - 2014-07-24 12:35 - 00000040 _____ () C:\Users\Arthur\Desktop\am.txt
2014-07-25 13:53 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-07-25 13:06 - 2013-08-11 15:29 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Razer
2014-07-25 13:05 - 2012-01-20 20:53 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-07-25 13:02 - 2014-07-25 13:02 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Razer_Inc
2014-07-25 12:35 - 2014-07-25 12:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-07-25 12:34 - 2014-07-25 12:34 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2014-07-25 12:33 - 2012-01-20 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-07-25 12:20 - 2013-08-11 15:26 - 00000000 ____D () C:\ProgramData\Razer
2014-07-25 12:15 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\VS
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2014-07-25 11:55 - 2012-06-26 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-25 10:52 - 2014-08-15 11:13 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-15 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-15 11:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-15 11:13 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-15 11:13 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-15 11:13 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-15 11:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-15 11:13 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-15 11:13 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-15 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-15 11:13 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-15 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-15 11:13 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-15 11:13 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-15 11:13 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-15 11:13 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-15 11:13 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-15 11:13 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-15 11:13 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-15 11:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-15 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-15 11:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-15 11:13 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-15 11:13 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-15 11:13 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-15 11:13 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-15 11:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-15 11:13 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-15 11:13 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-15 11:13 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-15 11:13 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-15 11:13 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-15 11:13 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-15 11:13 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-15 11:13 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-15 11:13 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-15 11:13 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-15 11:13 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-15 11:13 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-15 11:13 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-15 11:13 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-15 11:13 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-15 11:13 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-15 11:13 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-15 11:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-15 11:13 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-15 11:13 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-15 11:13 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-15 11:13 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-15 11:13 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-15 11:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-15 11:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-15 11:13 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-15 11:13 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-24 14:40 - 2012-07-13 14:13 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\SoftGrid Client
2014-07-24 11:28 - 2013-05-24 19:24 - 00000000 ____D () C:\Users\Arthur\Desktop\css
2014-07-24 11:28 - 2012-12-25 18:17 - 00000000 ____D () C:\Users\Arthur\Desktop\CSS stuff (dont delete)
2014-07-24 11:21 - 2011-11-06 00:21 - 00000000 ____D () C:\ProgramData\Intel
2014-07-24 11:21 - 2011-11-06 00:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-24 11:20 - 2011-11-06 00:19 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-07-24 11:18 - 2014-07-01 12:28 - 00000000 ____D () C:\Program Files\Intel
2014-07-24 11:17 - 2014-07-24 11:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-07-24 11:17 - 2014-07-24 11:17 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-24 11:17 - 2014-06-27 13:19 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-07-24 11:15 - 2013-05-24 19:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-24 11:13 - 2014-07-24 11:12 - 94972064 _____ (Intel® Corporation) C:\Users\Arthur\Downloads\Wireless_16.7.0_s64.exe
2014-07-24 11:13 - 2014-07-24 11:12 - 145417920 _____ (Intel Corporation) C:\Users\Arthur\Downloads\Win64_152822.exe
2014-07-24 11:06 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-24 10:56 - 2014-07-15 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 10:56 - 2014-07-15 21:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 10:56 - 2014-07-15 21:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 10:53 - 2014-07-24 10:53 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-22 10:20 - 2014-07-22 10:20 - 00000000 __RHD () C:\MSOCache
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-18 13:36
==================== End Of Log ============================
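The "Bamital & volsnap Check" section above is FRST verifying the Authenticode signatures of a fixed set of critical Windows binaries, because a patched winlogon.exe, explorer.exe or volsnap.sys is a classic sign of that family of infections. The following is an added example, not part of the thread and not FRST's own code: it repeats the same check from an elevated PowerShell prompt using the built-in `Get-AuthenticodeSignature` cmdlet over the paths FRST listed, and records a SHA256 hash of each file so the result can be compared against a known-good machine. The path list is taken from the log; everything else is assumed.

```powershell
# Added example (not from the thread or from FRST): re-run the signature check
# FRST performs in its "Bamital & volsnap Check" with PowerShell's built-in
# Authenticode verification. Run from an elevated prompt.

# Paths as listed in the FRST log above, resolved against the real Windows dir.
$criticalFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

function Get-Sha256Hex {
    # Uses .NET directly so this also works on PowerShell 2.0 (no Get-FileHash).
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', ''
    } finally {
        $stream.Close()
    }
}

function Test-CriticalFileSignatures {
    # Returns one object per path: signature status, signer subject and hash.
    param([string[]]$Paths)

    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            # A missing critical file is itself worth reporting, not skipping.
            [pscustomobject]@{ Path = $path; Status = 'Missing'; Signer = $null; SHA256 = $null }
            continue
        }

        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        [pscustomobject]@{
            Path   = $path
            Status = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Signer = $signer
            SHA256 = Get-Sha256Hex -Path $path
        }
    }
}

# Usage: print the table, then warn about anything that is not cleanly Valid.
$results = Test-CriticalFileSignatures -Paths $criticalFiles
$results | Format-Table -AutoSize

$results |
    Where-Object { $_.Status -ne 'Valid' } |
    ForEach-Object { Write-Warning "Check manually: $($_.Path) ($($_.Status))" }
```

Two caveats a practitioner should know. On Windows 7 most system binaries are signed through security catalogs rather than embedded signatures, and older PowerShell versions report those as `NotSigned` even when the file is intact; a `NotSigned` result there is a prompt to confirm with a catalog-aware tool such as Sysinternals `sigcheck -a -h <path>`, not proof of tampering. And `HashMismatch` means the file's contents no longer match the signature that is on it, which is the case FRST's note "There is no automatic fix for files that do not pass verification" refers to: the file should be replaced from installation media or `sfc /scannow`, not cleaned in place.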
#9
Posted 22 August 2014 - 11:11 AM
I just wanted to check in and let you know we are still working on your issue. I did have three questions, however.
1. Is Chrome your Primary browser that you use?
2. Do you utilize bookmarks in Chrome?
3. Do you use the Windows Live Photo Gallery as far as you know?
Please let me know. Lastly I'm going to post your log below since it will be easier to research and provide a better historical record than having it referenced at an external site like MediaFire.
1. Yes
2. Yes, I just have 4 bookmarks though
3. No
Edited by kingkeef, 22 August 2014 - 11:12 AM.
#10
Posted 22 August 2014 - 02:08 PM
I apologize it took so long to get back to you. We do our best. Overall your machine is fairly clean. A few things to fix and check though. I see that you have run many tools and have done many scans; however, I would like to do a couple. Please follow the instructions below.
Step#1 - FRST Fix
1. Download attached file and save it to the Desktop.
fixlist.txt 1.04KB
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
Step#2 - Uninstalls
1. I see that you have Advanced SystemCare 6 installed. We don't recommend this program or any registry cleaners/optimizers as they can cause more harm than good. I highly recommend you uninstall this program.
2. Since you don't use Windows Live Photo Gallery and it appears that its plugin in Chrome may be corrupt, I would like to uninstall it. Please do the following.
a) Go to Programs and Features (Start...Control Panel...Uninstall a Program)
b) Select Windows Live Essentials
c) Click the Uninstall/Change button
d) Choose "Remove one or more Essentials programs"
e) Put a check mark in "Photo Gallery and Movie Maker" (if you use Movie Maker we can re-install after everything is working correctly on your machine)
f) Click Uninstall
Step#3 - Adware Scan
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-Click on AdwCleaner.exe and select Run as administrator to run the tool. Click Yes if asked to allow the program from an unknown publisher.
4. Click I Agree on the Terms of Use screen.
5. Click on Scan.
6. After the scan is complete click on "Clean"
7. Confirm each time with Ok on the messages that follow.
8. Your computer will be rebooted automatically. A text file will open after the restart.
9. Please post the content of that logfile with your next answer.
10. You can find the logfile at C:\AdwCleaner[S0].txt as well.
Step#4 - Questions
1. I see you downloaded and extracted Malwarebytes Anti-Rootkit. Have you run this? If so, on your desktop within the mbar folder you will find a log that begins with mbar-log. Can you post the contents of this?
Items for your next post
1. Contents of the fixlog.
2. Contents of the AdwCleaner log.
3. Provide mbar log if it was run.
#11
Posted 23 August 2014 - 07:46 PM
#12
Posted 23 August 2014 - 08:06 PM
No problem. Yes that would be great if you could run mbar after Adw. It appears you know what's involved in running it but just in case I'll provide instructions below.
1. Download Malwarebytes Anti-Rootkit to your desktop from here.
2. Right-Click on the file that was downloaded and choose Run as administrator. Answer Yes if prompted to Allow.
3. Click OK at the installer screen that comes up.
4. The software will be extracted and will open.
5. Click Next at the first screen.
6. The Update Database screen will appear. Click the Update button.
7. Once updated, click the Next button.
8. On the Scan System screen, click the Scan button.
9. Once the scan is finished, even if rootkits were detected, don't click the Cleanup button. Just exit the program.
10. On your desktop, there will be a folder named mbar. Open this folder and you will find a log that begins with mbar-log-. Please open this file and copy the contents into your next post.
#13
Posted 24 August 2014 - 08:06 AM
#14
Posted 24 August 2014 - 09:11 AM
Thanks for the log. Don't forget to do Steps#2, #3 & #4 as I need the logs from steps 3 and 4 as well. Thank you.
#15
Posted 24 August 2014 - 09:21 AM
The Adw scan was taking forever for no apparent reason... anyways