Hi everyone,
A couple of days ago my computer may have been infected with a version of the 'Bundespolizei' trojan – basically a German version of the FBI ransomware one which locks your computer/browser and demands that you pay €100 via a PaySafe card. Luckily, the version I encountered only froze my browser, and I eventually managed to close it. Since then, my computer has appeared to run without problems, although I haven't been using it for anything aside from word processing. I've run scans with ESET online, Spybot S+D, Avast!, Malwarebytes Anti-Malware, and AdwCleaner, all of which have found nothing aside from a couple of toolbars. As I'm not sure if this means I got lucky or if I'm missing something, I've run FRST and Oldtimer, and will post the logs below. The main thing I'm concerned about is the changes that Oldtimer shows were made to these two files roughly at the time of the attack:
[2014-06-18 12:32:35 | 000,674,062 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014-06-18 12:32:35 | 000,126,238 | ---- | M] () -- C:\windows\System32\perfc009.dat
As I have limited knowledge, I don't really know if this is something I need to be worried about or not. If anyone has time to look through the logs and let me know if there's anything else I should do, or whether it's safe to use my computer online again, I'd really appreciate it!
Thanks in advance,
Ryan
Oldtimer log:
OTL logfile created on: 20-Jun-14 5:08:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ry\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.29% Memory free
3.98 Gb Paging File | 2.41 Gb Available in Paging File | 60.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 48.20 Gb Free Space | 48.20% Space Free | Partition Type: NTFS
Drive D: | 183.07 Gb Total Space | 39.60 Gb Free Space | 21.63% Space Free | Partition Type: NTFS
Computer Name: RY-PC | User Name: Ry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014-06-20 16:59:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ry\Downloads\OTL.exe
PRC - [2014-06-17 11:05:46 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014-05-12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014-05-08 20:37:20 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014-01-20 00:18:37 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Ry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013-12-18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-10-24 00:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Ry\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013-08-02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013-03-27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013-03-27 13:31:18 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012-11-23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-11-22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012-11-22 16:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012-11-13 15:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012-11-13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012-11-13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012-11-13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011-04-12 01:08:52 | 000,088,704 | ---- | M] (ASUS) -- C:\Program Files\Common Files\InstantOn\InsOnWMI.exe
PRC - [2011-03-11 03:05:54 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2011-03-04 01:33:20 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\HotkeyService\HotKeyMon.exe
PRC - [2011-03-04 01:33:14 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2011-03-04 01:33:12 | 001,252,272 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\HotkeyService\HotkeyService.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-15 21:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\Asus\CapsHook\CapsHook.exe
PRC - [2010-11-15 21:25:36 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\SHE\SuperHybridEngine.exe
PRC - [2010-05-21 22:42:48 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010-05-21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009-06-09 10:56:00 | 000,099,632 | ---- | M] () -- C:\Program Files\Stardock\MyColors\WBVista.exe
PRC - [2009-06-09 10:55:58 | 000,230,704 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\MyColors\VistaSrv.exe
========== Modules (No Company Name) ==========
MOD - [2014-01-20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014-01-20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013-12-07 11:41:35 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012-01-09 20:43:31 | 001,149,952 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
MOD - [2010-05-21 22:42:58 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009-06-09 10:55:58 | 000,057,904 | ---- | M] () -- C:\Windows\System32\wbload.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2014-05-30 10:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014-05-14 10:31:22 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014-05-08 20:37:20 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014-05-07 04:27:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-12-18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-05-27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-03-29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-03-27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012-11-22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012-01-29 21:13:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-03-04 01:33:14 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2010-05-21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009-06-09 10:55:58 | 000,230,704 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)
========== Driver Services (SafeList) ==========
DRV - [2014-06-20 15:39:14 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014-05-19 01:36:03 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014-05-19 01:36:03 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014-05-19 01:36:03 | 000,068,312 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014-05-12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014-05-12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014-05-08 20:37:39 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014-05-08 20:37:39 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014-05-08 20:37:38 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014-05-08 20:37:38 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014-05-08 20:37:38 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2013-03-25 15:41:44 | 000,065,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012-12-13 12:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2012-11-22 16:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010-11-20 12:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 12:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 11:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-09-27 09:23:58 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010-08-03 07:20:56 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010-06-28 07:24:00 | 000,011,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009-12-30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-07-22 06:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009-07-20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009-07-14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009-07-14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009-07-14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-02-24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008-05-06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ry\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ry\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-08 20:37:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WordWeb\WCaptureMoz [2012-05-16 16:22:54 | 000,000,000 | ---D | M]
[2014-05-27 17:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ry\AppData\Roaming\Mozilla\Extensions
[2012-02-12 23:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ry\AppData\Roaming\Mozilla\Firefox\extensions
[2012-02-12 23:33:40 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Ry\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013-05-21 13:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014-05-27 17:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014-05-27 17:05:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Ry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_1\
CHR - Extension: Adblock Plus = C:\Users\Ry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: avast! Online Security = C:\Users\Ry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_1\
CHR - Extension: The Great Suspender = C:\Users\Ry\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg\4.74_0\
CHR - Extension: Google Wallet = C:\Users\Ry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
O1 HOSTS File: ([2013-09-17 19:52:21 | 000,449,438 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\Asus\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [f.lux] C:\Users\Ry\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ED27E93-A938-4C88-869D-3EA98C33CB8D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014-06-20 15:20:54 | 000,000,000 | ---D | C] -- C:\FRST
[2014-06-18 15:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014-06-18 13:38:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-06-18 13:28:21 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014-06-18 13:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014-06-18 13:27:19 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2014-06-18 13:27:19 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mwac.sys
[2014-06-18 13:27:19 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2014-06-18 13:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014-06-18 13:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-06-12 00:30:10 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\JavaScriptCollectionAgent.dll
[2014-06-12 00:30:09 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwcollector.exe
[2014-06-12 00:30:09 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwproxystub.dll
[2014-06-12 00:30:07 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2014-06-12 00:30:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2014-06-12 00:30:02 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2014-06-12 00:30:01 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2014-06-12 00:30:01 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2014-06-12 00:30:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2014-06-12 00:30:00 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014-06-12 00:29:57 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2014-06-12 00:29:56 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2014-06-12 00:29:55 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2014-06-12 00:29:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2014-06-12 00:29:52 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2014-06-12 00:29:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwcollectorres.dll
[2014-06-12 00:29:47 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2014-06-12 00:29:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2014-06-12 00:29:38 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2014-06-12 00:29:32 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9diag.dll
[2014-06-12 00:29:24 | 004,244,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2014-06-11 11:11:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml6r.dll
[2014-06-11 11:11:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll
[2014-06-11 11:11:45 | 000,187,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2014-06-11 11:11:42 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aepdu.dll
[2014-06-11 11:11:39 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aeinv.dll
[2014-05-27 17:06:35 | 000,000,000 | ---D | C] -- C:\Users\Ry\AppData\Local\Mozilla
[2014-05-27 17:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014-05-27 17:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014-06-20 16:47:04 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2572986754-2421115835-1037706739-1000UA.job
[2014-06-20 16:30:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014-06-20 15:39:14 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014-06-20 13:23:28 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-06-20 13:23:28 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-06-20 13:13:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014-06-20 13:13:39 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2014-06-20 01:58:22 | 000,000,844 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2572986754-2421115835-1037706739-1000Core.job
[2014-06-18 15:02:49 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014-06-18 13:27:35 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-06-18 12:32:35 | 000,674,062 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014-06-18 12:32:35 | 000,126,238 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2014-06-13 20:38:56 | 000,002,315 | ---- | M] () -- C:\Users\Ry\Desktop\Google Chrome.lnk
[2014-06-09 14:15:08 | 004,915,617 | ---- | M] () -- C:\Users\Ry\117578_Cambridge_English_First__FCE__Handbook.pdf
[2014-06-08 10:48:16 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\aepdu.dll
[2014-06-08 10:43:43 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\aeinv.dll
[2014-05-30 11:02:39 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014-05-30 11:02:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieetwcollectorres.dll
[2014-05-30 10:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2014-05-30 10:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieetwproxystub.dll
[2014-05-30 10:34:17 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2014-05-30 10:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2014-05-30 10:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2014-05-30 10:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2014-05-30 10:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieetwcollector.exe
[2014-05-30 10:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9diag.dll
[2014-05-30 10:21:36 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2014-05-30 10:16:26 | 000,368,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2014-05-30 10:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\JavaScriptCollectionAgent.dll
[2014-05-30 10:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2014-05-30 10:02:32 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2014-05-30 09:57:16 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2014-05-30 09:56:50 | 004,244,992 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2014-05-30 09:54:14 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2014-05-30 09:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2014-05-30 09:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2014-05-30 09:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2014-05-27 17:06:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014-06-18 13:27:35 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-06-09 14:12:52 | 004,915,617 | ---- | C] () -- C:\Users\Ry\117578_Cambridge_English_First__FCE__Handbook.pdf
[2014-05-27 17:06:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014-05-27 17:06:21 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014-05-08 20:37:50 | 000,024,184 | ---- | C] () -- C:\windows\System32\drivers\aswHwid.sys
[2014-02-18 23:23:13 | 075,719,201 | ---- | C] () -- C:\Users\Ry\Murphy_R_English_Grammar_in_Use.pdf
[2013-11-26 12:29:05 | 000,403,540 | ---- | C] () -- C:\Users\Ry\writing an academic paper - workbook two.pdf
[2013-11-25 23:30:23 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2013-11-20 19:52:32 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2013-11-20 18:16:06 | 000,000,050 | ---- | C] () -- C:\windows\System32\bridf08b.dat
[2013-05-21 13:54:11 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013-04-28 08:47:35 | 000,180,632 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2013-04-28 08:47:35 | 000,049,944 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013-04-05 10:10:20 | 001,082,595 | ---- | C] () -- C:\Users\Ry\scan0007.pdf
[2012-05-30 11:56:05 | 000,000,355 | ---- | C] () -- C:\Users\Ry\Favorites - Shortcut.lnk
[2011-04-21 02:56:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Files - Unicode (All) ==========
[2014-05-30 15:38:39 | 000,000,000 | ---D | M](C:\Users\Ry\Documents\Stories?Ideas?Beginnings) -- C:\Users\Ry\Documents\StoriesIdeasBeginnings
[2012-01-31 01:27:29 | 000,000,000 | ---D | C](C:\Users\Ry\Documents\Stories?Ideas?Beginnings) -- C:\Users\Ry\Documents\StoriesIdeasBeginnings
[2012-01-28 21:32:09 | 000,000,059 | ---- | M] ()(C:\windows\System32\?G) -- C:\windows\System32\Ǧ
[2012-01-28 21:32:09 | 000,000,059 | ---- | C] ()(C:\windows\System32\?G) -- C:\windows\System32\Ǧ
< End of report >
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by Ry (administrator) on RY-PC on 20-06-2014 15:21:32
Running from E:\
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(Stardock Corporation) C:\Program Files\Stardock\MyColors\VistaSrv.exe
() C:\Program Files\Stardock\MyColors\WBVista.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AsusService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files\Asus\CapsHook\CapsHook.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotkeyService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\SHE\SuperHybridEngine.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(ASUS) C:\Program Files\Common Files\InstantOn\InsOnWMI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\Ry\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Ry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotkeyMon] => C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2011-03-04] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1252272 2011-03-04] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-11] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] => C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9722472 2010-08-24] (Realtek Semiconductor)
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [738984 2012-11-22] (Check Point Software Technologies)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-17] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2572986754-2421115835-1037706739-1000\...\Run: [f.lux] => C:\Users\Ry\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2572986754-2421115835-1037706739-1000\...\Run: [Spotify Web Helper] => C:\Users\Ry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-20] (Spotify Ltd)
HKU\S-1-5-21-2572986754-2421115835-1037706739-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-2572986754-2421115835-1037706739-1000\...\Run: [Google Update] => C:\Users\Ry\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stardock MyColors.lnk
ShortcutTarget: Stardock MyColors.lnk -> C:\Program Files\Stardock\MyColors\SDDelayedLaunch.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk
ShortcutTarget: IconPackager.lnk -> C:\Program Files\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk
ShortcutTarget: IconPackager.lnk -> C:\Program Files\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Ry\AppData\Roaming\Mozilla\Firefox\Profiles\adtobpp2.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Ry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ry\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ry\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-29]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2012-05-16]
Chrome:
=======
CHR HomePage:
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Adblock Plus) - C:\Users\Ry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-01]
CHR Extension: (avast! Online Security) - C:\Users\Ry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-29]
CHR Extension: (The Great Suspender) - C:\Users\Ry\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2014-06-16]
CHR Extension: (Google Wallet) - C:\Users\Ry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-08]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2012-05-16]
CHR StartMenuInternet: Google Chrome - C:\Users\Ry\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-08] (AVAST Software)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-11-22] (Check Point Software Technologies)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
R2 WindowBlinds; C:\Program Files\Stardock\MyColors\VistaSrv.exe [230704 2009-06-09] (Stardock Corporation)
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-05-08] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-05-08] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-05-08] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-05-08] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [777488 2014-05-19] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [411680 2014-05-19] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [68312 2014-05-19] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180632 2014-05-08] ()
S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-11-22] (Check Point Software Technologies)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 mcdbus; C:\windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [454744 2012-12-13] (Check Point Software Technologies LTD)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-20 15:20 - 2014-06-20 15:21 - 00000000 ____D () C:\FRST
2014-06-20 13:13 - 2014-06-20 13:13 - 00000056 _____ () C:\windows\setupact.log
2014-06-20 13:13 - 2014-06-20 13:13 - 00000000 _____ () C:\windows\setuperr.log
2014-06-18 17:02 - 2014-06-18 17:02 - 00001705 _____ () C:\Users\Ry\Documents\ESET scan - 18.6.14.txt
2014-06-18 15:17 - 2014-06-18 15:17 - 00000000 ____D () C:\Program Files\ESET
2014-06-18 15:16 - 2014-06-18 15:16 - 02347384 _____ (ESET) C:\Users\Ry\Downloads\esetsmartinstaller_enu.exe
2014-06-18 15:00 - 2014-06-18 15:01 - 04748896 _____ (Piriform Ltd) C:\Users\Ry\Downloads\ccsetup414.exe
2014-06-18 13:38 - 2014-06-18 13:48 - 00000000 ____D () C:\AdwCleaner
2014-06-18 13:28 - 2014-06-20 13:44 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 13:27 - 2014-06-18 13:27 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-18 13:27 - 2014-06-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 13:27 - 2014-06-18 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 13:27 - 2014-06-18 13:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-18 13:27 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-18 13:27 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-18 13:27 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-18 12:49 - 2014-06-18 12:49 - 01333465 _____ () C:\Users\Ry\Downloads\adwcleaner_3.212.exe
2014-06-18 12:49 - 2014-06-18 12:49 - 01016261 _____ (Thisisu) C:\Users\Ry\Downloads\JRT.exe
2014-06-18 12:43 - 2014-06-18 12:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ry\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-12 00:30 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-12 00:30 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-12 00:30 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-12 00:30 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-12 00:30 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-12 00:30 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-12 00:30 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-12 00:30 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-12 00:30 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 00:30 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-12 00:30 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-12 00:29 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-12 00:29 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-12 00:29 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-12 00:29 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-12 00:29 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-12 00:29 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-12 00:29 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-12 00:29 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-12 00:29 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-12 00:29 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-12 00:29 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-12 00:29 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-12 00:29 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-12 00:29 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-12 00:29 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-12 00:29 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-12 00:29 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-11 11:11 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-11 11:11 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-11 11:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-11 11:11 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 11:11 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 11:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-11 11:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-11 11:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-11 11:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-09 16:20 - 2014-06-09 16:26 - 69917065 _____ () C:\Users\Ry\Downloads\niggas-on-the-moon.zip
2014-05-27 17:06 - 2014-05-27 17:07 - 00000000 ____D () C:\Users\Ry\AppData\Local\Mozilla
2014-05-27 17:06 - 2014-05-27 17:06 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-27 17:06 - 2014-05-27 17:06 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-27 17:06 - 2014-05-27 17:06 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-27 17:06 - 2014-05-27 17:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
==================== One Month Modified Files and Folders =======
2014-06-20 15:22 - 2012-01-28 21:29 - 00000000 ____D () C:\Users\Ry\AppData\Local\Temp
2014-06-20 15:21 - 2014-06-20 15:20 - 00000000 ____D () C:\FRST
2014-06-20 15:17 - 2012-01-29 12:24 - 01810063 _____ () C:\windows\WindowsUpdate.log
2014-06-20 14:47 - 2012-07-15 00:02 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572986754-2421115835-1037706739-1000UA.job
2014-06-20 14:30 - 2013-12-28 12:38 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-20 13:44 - 2014-06-18 13:28 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 13:23 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-20 13:23 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 13:14 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-20 13:13 - 2014-06-20 13:13 - 00000056 _____ () C:\windows\setupact.log
2014-06-20 13:13 - 2014-06-20 13:13 - 00000000 _____ () C:\windows\setuperr.log
2014-06-20 01:58 - 2012-07-15 00:02 - 00000844 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572986754-2421115835-1037706739-1000Core.job
2014-06-18 17:02 - 2014-06-18 17:02 - 00001705 _____ () C:\Users\Ry\Documents\ESET scan - 18.6.14.txt
2014-06-18 15:17 - 2014-06-18 15:17 - 00000000 ____D () C:\Program Files\ESET
2014-06-18 15:16 - 2014-06-18 15:16 - 02347384 _____ (ESET) C:\Users\Ry\Downloads\esetsmartinstaller_enu.exe
2014-06-18 15:02 - 2012-07-05 23:18 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-18 15:02 - 2012-01-29 21:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-18 15:01 - 2014-06-18 15:00 - 04748896 _____ (Piriform Ltd) C:\Users\Ry\Downloads\ccsetup414.exe
2014-06-18 13:51 - 2012-01-28 23:16 - 00000000 ____D () C:\Users\Ry\AppData\Roaming\CheckPoint
2014-06-18 13:48 - 2014-06-18 13:38 - 00000000 ____D () C:\AdwCleaner
2014-06-18 13:27 - 2014-06-18 13:27 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-18 13:27 - 2014-06-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 13:27 - 2014-06-18 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 13:27 - 2014-06-18 13:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-18 12:49 - 2014-06-18 12:49 - 01333465 _____ () C:\Users\Ry\Downloads\adwcleaner_3.212.exe
2014-06-18 12:49 - 2014-06-18 12:49 - 01016261 _____ (Thisisu) C:\Users\Ry\Downloads\JRT.exe
2014-06-18 12:44 - 2014-06-18 12:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ry\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-18 12:32 - 2009-07-27 12:11 - 00797890 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-18 01:38 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-06-16 14:21 - 2012-01-28 21:29 - 00000000 ____D () C:\Users\Ry
2014-06-13 20:38 - 2012-07-15 00:03 - 00002315 _____ () C:\Users\Ry\Desktop\Google Chrome.lnk
2014-06-13 13:32 - 2012-01-29 10:50 - 00000000 ____D () C:\Users\Ry\AppData\Roaming\Skype
2014-06-11 23:06 - 2014-05-07 11:27 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-11 12:28 - 2013-07-23 23:45 - 00000000 ____D () C:\windows\system32\MRT
2014-06-11 12:22 - 2012-05-16 16:04 - 92708840 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-10 14:51 - 2013-11-27 10:01 - 00000000 ____D () C:\Users\Ry\Documents\Freie Universität
2014-06-09 23:51 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-06-09 23:14 - 2012-02-15 14:45 - 00000000 ____D () C:\Users\Ry\AppData\Roaming\vlc
2014-06-09 13:28 - 2013-03-19 14:27 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-08 10:48 - 2014-06-11 11:11 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-11 11:11 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-30 15:38 - 2012-01-31 01:27 - 00000000 ____D () C:\Users\Ry\Documents\StoriesIdeasBeginnings
2014-05-30 11:18 - 2014-06-12 00:29 - 17271296 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-30 11:02 - 2014-06-12 00:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-30 11:02 - 2014-06-12 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-30 10:44 - 2014-06-12 00:29 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-30 10:43 - 2014-06-12 00:29 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-30 10:42 - 2014-06-12 00:30 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 00:29 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-30 10:34 - 2014-06-12 00:30 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 00:30 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-30 10:30 - 2014-06-12 00:29 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-30 10:28 - 2014-06-12 00:30 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-30 10:28 - 2014-06-12 00:30 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-30 10:27 - 2014-06-12 00:29 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-30 10:21 - 2014-06-12 00:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 10:16 - 2014-06-12 00:30 - 00368128 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 00:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 00:29 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-30 10:04 - 2014-06-12 00:29 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 00:29 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-30 09:57 - 2014-06-12 00:29 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-30 09:56 - 2014-06-12 00:29 - 04244992 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-30 09:54 - 2014-06-12 00:30 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 00:29 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 00:29 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-30 09:40 - 2014-06-12 00:29 - 11725312 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-30 09:21 - 2014-06-12 00:29 - 01790976 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-30 09:15 - 2014-06-12 00:30 - 01143296 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-30 09:13 - 2014-06-12 00:29 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-27 17:07 - 2014-05-27 17:06 - 00000000 ____D () C:\Users\Ry\AppData\Local\Mozilla
2014-05-27 17:07 - 2012-02-12 23:33 - 00000000 ____D () C:\Users\Ry\AppData\Roaming\Mozilla
2014-05-27 17:06 - 2014-05-27 17:06 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-27 17:06 - 2014-05-27 17:06 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-27 17:06 - 2014-05-27 17:06 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-27 17:06 - 2014-05-27 17:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-27 17:06 - 2013-05-21 13:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-27 14:00 - 2012-10-26 14:36 - 00000000 ____D () C:\Users\Ry\Documents\Tickets
Some content of TEMP:
====================
C:\Users\Ry\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-18 01:29
==================== End Of Log ============================