Possibly Infected - Personally Identifiable Info Exposed.

Post by auto1671 » January 30th, 2015, 9:21 pm

I would just like a checkup to make sure everything is okay. Someone online had managed to get some of my personal information and then decided to post that via a chat room. So I would like to make sure that I have nothing on my computer like a Remote Access Trojan. Logs are as follows:

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.31.2
Run by Jack at 0:57:35 on 2015-01-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.2718 [GMT 0:00]
.
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Workrave\lib\Workrave.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Workrave\lib\WorkraveHelper.exe
C:\Program Files (x86)\Workrave\lib\dbus-daemon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\StrongVPN\StrongService.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\Jack\AppData\Local\Temp\Rar$EXa0.712\TC_Bot_testSJ34 (BETA build 2).exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.startpage.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [Workrave] C:\Program Files (x86)\Workrave\lib\workrave.exe
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [Kepard] "C:\Program Files (x86)\Kepard\Kepard.exe" tray
mRun: [DelaypluginInstall] C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe
mRun: [YouCam Service6] "C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe" /s
StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/ ... 5392713111
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1FBE5756-A064-4A5D-B964-3A9BDE9F1787} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1FBE5756-A064-4A5D-B964-3A9BDE9F1787}\348494D494348414E47414 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{1FBE5756-A064-4A5D-B964-3A9BDE9F1787}\4514C4B44514C4B4D2836493431443 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1FBE5756-A064-4A5D-B964-3A9BDE9F1787}\8416272796370284F6F6C6560275946494 : DHCPNameServer = 172.16.1.1 8.8.8.8
TCP: Interfaces\{1FBE5756-A064-4A5D-B964-3A9BDE9F1787}\D4163747562734865666 : DHCPNameServer = 192.168.1.254
Handler: WSISAllmytubechrome - <Clsid value has no data>
SSODL: WebCheck - <orphaned>
SEH: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: WSISAllmytubechrome - <Clsid value has no data>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\7oel8un7.default-1421108389249\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Users\Jack\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2014-9-18 63160]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\bin\a2ddax64.sys [2014-9-18 26176]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2014-8-18 243440]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2014-8-18 44632]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2014-5-9 13824]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-10-1 1349576]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-14 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-14 969016]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2014-5-5 88720]
R2 StrongVPN Service;StrongVPN Service;C:\Program Files (x86)\StrongVPN\StrongService.exe [2014-11-6 101560]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2014-4-4 3020632]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-1 4799760]
R3 clwvd6;CyberLink WebCam Virtual Driver 6.0 Service;C:\Windows\System32\drivers\clwvd6.sys [2014-11-3 41704]
R3 dfmirage;dfmirage;C:\Windows\System32\drivers\dfmirage.sys [2008-3-4 36432]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-14 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-14 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-14 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-5-14 425064]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-10-14 185352]
R3 tapstrong;StrongVPN Adapter;C:\Windows\System32\drivers\tapstrong.sys [2014-11-6 38760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
S3 PORTMON;PORTMON;C:\Users\Jack\Documents\System Analayses\PORTMSYS.SYS [2014-7-29 28656]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-8-5 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-7 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-12-29 31800]
S3 tapSF0901;Spotflux Virtual Network Device Driver;C:\Windows\System32\drivers\tapSF0901.sys [2014-5-6 39104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-7 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-11-7 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-9 1255736]
S4 cleanhlp;cleanhlp;C:\EEK\bin\cleanhlp64.sys [2014-9-18 57024]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2015-01-27 22:15:51 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2015-01-27 20:31:18 -------- d-----w- C:\Program Files (x86)\ESET
2015-01-21 20:50:51 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2015-01-21 20:50:51 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2015-01-21 20:50:25 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2015-01-21 20:50:25 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2015-01-21 20:48:38 -------- d-----w- C:\Windows\System32\RsFx
2015-01-21 20:36:35 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2015-01-21 20:32:37 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2015-01-20 01:17:40 -------- d-----w- C:\Users\Jack\VirtualBox VMs
2015-01-20 01:12:41 -------- d-----w- C:\Users\Jack\.VirtualBox
2015-01-20 01:11:29 916024 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2015-01-20 01:11:21 128080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2015-01-18 22:08:12 -------- d-----w- C:\Users\Jack\AppData\Local\.distlib
2015-01-16 01:47:08 -------- d-----w- C:\Users\Jack\AppData\Roaming\TS3Client
2015-01-16 01:45:58 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2015-01-16 01:00:25 -------- d-----w- C:\Users\Jack\AppData\Roaming\Linphone
2015-01-16 01:00:09 -------- d-----w- C:\Program Files (x86)\Linphone
2015-01-15 00:27:52 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-14 03:03:21 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 03:01:24 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-14 03:01:24 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-14 03:01:24 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-14 02:59:24 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-14 02:57:26 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-14 02:57:01 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 02:57:01 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 02:57:00 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 02:57:00 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 02:57:00 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-14 02:57:00 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 02:57:00 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-13 23:41:30 -------- d-----w- C:\Program Files\TAP-Windows
2015-01-13 23:41:28 -------- d-----w- C:\Program Files\OpenVPN
2015-01-13 23:28:57 -------- d-----w- C:\Program Files (x86)\OpenVPN
2015-01-13 22:48:51 -------- d-----w- C:\ProgramData\purevpn
2015-01-13 22:48:45 -------- d-----w- C:\Program Files (x86)\PureVPN
2015-01-12 23:54:03 -------- d-----w- C:\Users\Jack\AppData\Roaming\Wireshark
2015-01-12 23:18:35 -------- d-----w- C:\Program Files (x86)\WinPcap
2015-01-12 23:18:09 -------- d-----w- C:\Program Files\Wireshark
2015-01-08 07:20:01 -------- d-----w- C:\ProgramData\Gyazo
2015-01-06 16:29:29 -------- d-----w- C:\Users\Jack\AppData\Local\Apple Computer
2015-01-06 16:28:45 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2015-01-06 16:27:21 -------- d-----w- C:\Program Files\iPod
2015-01-06 16:27:17 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-06 16:27:17 -------- d-----w- C:\Program Files\iTunes
2015-01-06 16:27:17 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2015-01-30 23:44:23 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-25 00:09:24 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 00:09:24 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-24 12:07:02 141440 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2014-11-24 12:06:10 204264 ------w- C:\Windows\System32\VBoxNetFltNobj.dll
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 06:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 06:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 06:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-10 20:13:14 875472 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2014-11-10 20:13:14 535008 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2014-11-10 20:13:14 252400 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 0:59:28.06 ===============


Attach.txt Log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/05/2014 14:45:14
System Uptime: 30/01/2015 15:29:27 (9 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV420/RV520/RV720/E3530/S3530/E3420/E3520
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 693 GiB total, 559.877 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: CSN5PDTS82x64 NDIS Protocol Driver
Device ID: ROOT\LEGACY_CSN5PDTS82X64\0000
Manufacturer:
Name: CSN5PDTS82x64 NDIS Protocol Driver
PNP Device ID: ROOT\LEGACY_CSN5PDTS82X64\0000
Service: CSN5PDTS82x64
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Capsax64Drv0 NDIS Protocol Driver
Device ID: ROOT\LEGACY_CAPSAX64DRV0\0000
Manufacturer:
Name: Capsax64Drv0 NDIS Protocol Driver
PNP Device ID: ROOT\LEGACY_CAPSAX64DRV0\0000
Service: Capsax64Drv0
.
==== System Restore Points ===================
.
RP294: 21/01/2015 21:42:25 - End of disinfection
RP295: 23/01/2015 01:50:48 - Windows Update
RP296: 27/01/2015 22:17:07 - Revo Uninstaller's restore point - Search App by Ask
.
==== Installed Programs ======================
.
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Amazon Kindle
Blueline 1.1.1
Broadcom Wireless Utility
calibre
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink YouCam 6
Dropbox
Enforcer: Police Crime Action
ESET Smart Security
Everything 1.2.1.371
GameSalad Creator
Google Chrome
Google Earth
Google Update Helper
Gyazo 2.3
HostsMan 4.3.100
Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
ImgBurn
Intel(R) Processor Graphics
iTunes
Java 8 Update 31
Java Auto Updater
KeyNote 1.6.5
LibreOffice 4.3.4.1
Linphone version 3.7.0
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
Microsoft .NET Framework 4.5.1 SDK
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Help Viewer 2.1
Microsoft Silverlight
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Data-Tier App Framework (x64)
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (12.0.30919.1)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Web Deploy 3.5
Microsoft Web Platform Installer 5.0
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MySQL Connector Net 6.5.4
MySQL Server 5.1
Online Support(S Service)
OpenVPN 2.1.1
OpenVPN 2.3.6-I001
Password Corral v4.0
Prerequisites for SSDT
PureVPN
Realtek Ethernet Controller Driver
Revo Uninstaller 1.95
Revo Uninstaller Pro 3.1.2
S Agent
Samsung Support Center 1.0
Samsung Update Plus
Sandboxie 4.14 (64-bit)
Security Task Manager 1.8g
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Skype™ 7.0
SpywareBlaster 5.0
Sql Server Customer Experience Improvement Program
Steam
StrongVPN Client
SW Update
swMSM
TAP-Windows 9.9.2
TeamSpeak 3 Client
TeamViewer 9
TreeSize Free V3.2.1
Update for (KB2504637)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WinPatrol
WinPcap 4.1.3
Wireshark 1.12.3 (64-bit)
Workrave 1.10
.
==== Event Viewer Messages From Past Week ========
.
30/01/2015 16:26:59, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Jack-PC\Guest SID (S-1-5-21-489198973-519768537-2425427861-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
30/01/2015 15:32:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Capsax64Drv0 CSN5PDTS82 CSN5PDTS82x64 CsNdisLWF
30/01/2015 15:31:06, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/01/2015 15:31:05, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
30/01/2015 01:00:50, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
28/01/2015 15:41:27, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
28/01/2015 00:35:04, Error: SbieDrv [1412] - SBIE1412 In text: [DefaultBox] \??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
28/01/2015 00:35:04, Error: SbieDrv [1406] - SBIE1406 Missing or invalid expansion for SystemDrive: [C0000189]
28/01/2015 00:34:54, Error: Service Control Manager [7023] - The Server service terminated with the following error: A specified authentication package is unknown.
28/01/2015 00:34:51, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
28/01/2015 00:30:34, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
28/01/2015 00:30:34, Error: Service Control Manager [7038] - The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
28/01/2015 00:30:34, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
28/01/2015 00:30:34, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: A system shutdown is in progress.
28/01/2015 00:30:34, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: A system shutdown is in progress.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The TeamViewer 9 service failed to start due to the following error: The pipe has been ended.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The StrongVPN Service service failed to start due to the following error: The pipe has been ended.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: A system shutdown is in progress.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: A system shutdown is in progress.
27/01/2015 22:59:13, Error: Microsoft-Windows-LanguagePackSetup [1001] - Failed to start language pack setup wizard. Please restart the system and try running the wizard again.
27/01/2015 22:59:12, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
27/01/2015 21:02:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
27/01/2015 21:02:04, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/01/2015 21:01:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8009c884e0, 0xfffff880048c7d10, 0xffffffffc0000001, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012715-23899-01.
27/01/2015 15:58:31, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:58:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/01/2015 15:58:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/01/2015 15:58:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
27/01/2015 15:58:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
27/01/2015 15:58:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/01/2015 15:58:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/01/2015 15:57:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Capsax64Drv0 CSN5PDTS82 CSN5PDTS82x64 CsNdisLWF DfsC discache eamonm ehdrv EpfwLWF NetBIOS NetBT nsiproxy Psched rdbss SABI spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf ws2ifsl
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
auto1671
Active Member
 
Posts: 10
Joined: June 7th, 2014, 12:02 pm
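The tail of the DDS log above is the "Event Viewer" error section, one line per event in the form `date time, Error: Source [EventID] - message`. A helper reading it is after three things: which services failed to start and why (SCM event 7000), which boot-start drivers failed to load (SCM event 7026, one space-separated list), and any bugcheck records (WER event 1001). The following Python is an added example, written for this page and not part of the post, DDS or any forum tool. It parses constructed sample lines modelled on the log above and pulls those three items out; it also counts errors per timestamp, because a burst of "A system shutdown is in progress" failures at one second is a single shutdown or boot and the services named there should be judged together rather than one by one. The `INBOX_DRIVERS` allowlist is an assumption (a partial list of Windows 7 inbox network and file-system drivers); names not on it are simply left for manual review, not declared bad.

```python
"""Triage helpers for the "Event Viewer" error lines a DDS log prints (added example)."""
import re
from collections import Counter

# Constructed sample lines modelled on the DDS output in the post above; the
# timestamps and messages are illustrative, not a full copy of the log.
SAMPLE_EVENTS = [
    "28/01/2015 00:30:34, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.",
    "28/01/2015 00:30:34, Error: Service Control Manager [7000] - The TeamViewer 9 service failed to start due to the following error: The pipe has been ended.",
    "28/01/2015 00:30:34, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: A system shutdown is in progress.",
    "27/01/2015 21:01:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8009c884e0, 0xfffff880048c7d10, 0xffffffffc0000001, 0x0000000000000005). A dump was saved in: C:\\Windows\\MEMORY.DMP. Report Id: 012715-23899-01.",
    "27/01/2015 15:57:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Capsax64Drv0 CSN5PDTS82 eamonm ehdrv",
    "not an event line",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
SERVICE_FAIL_RE = re.compile(
    r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<why>.*)$"
)
BUGCHECK_RE = re.compile(
    r"The bugcheck was: (?P<code>0x[0-9A-Fa-f]{8}).*A dump was saved in: (?P<dump>\S+?)\.(?:\s|$)"
)

# Assumption: a partial allowlist of Windows 7 inbox network/file-system drivers
# that commonly appear in a 7026 burst; anything else is listed for manual review.
INBOX_DRIVERS = {"AFD", "NetBIOS", "NetBT", "nsiproxy", "Psched", "rdbss", "tdx", "spldr",
                 "discache", "Wanarpv6", "WfpLwf", "ws2ifsl", "vwififlt"}


def parse_event(line):
    """Return a dict for one DDS event line, or None if the line is not one."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["eid"] = int(d["eid"])
    return d


def parse_events(lines):
    """Parse every recognisable event line, silently skipping the rest."""
    return [e for e in (parse_event(l) for l in lines) if e]


def service_start_failures(events):
    """Map service display name -> reason for every SCM 7000 event."""
    out = {}
    for e in events:
        if e["source"] == "Service Control Manager" and e["eid"] == 7000:
            m = SERVICE_FAIL_RE.match(e["msg"])
            if m:
                out[m["svc"]] = m["why"]
    return out


def failed_drivers(events):
    """All driver names from SCM 7026 'failed to load' events, in log order."""
    names = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["eid"] == 7026:
            _, _, tail = e["msg"].partition("failed to load: ")
            names.extend(tail.split())
    return names


def drivers_to_review(events):
    """Failed-to-load drivers that are not on the inbox allowlist."""
    return [d for d in failed_drivers(events) if d not in INBOX_DRIVERS]


def bugchecks(events):
    """(stop code, dump path) for each WER 1001 bugcheck report."""
    out = []
    for e in events:
        if e["eid"] == 1001 and "bugcheck" in e["msg"]:
            m = BUGCHECK_RE.search(e["msg"])
            if m:
                out.append((m["code"], m["dump"]))
    return out


def error_bursts(events, min_count=3):
    """Timestamps carrying min_count or more errors: usually one boot or shutdown."""
    c = Counter(e["ts"] for e in events)
    return {ts: n for ts, n in c.items() if n >= min_count}


if __name__ == "__main__":
    ev = parse_events(SAMPLE_EVENTS)
    print("service start failures:", service_start_failures(ev))
    print("drivers to review:", drivers_to_review(ev))
    print("bugchecks:", bugchecks(ev))
    print("error bursts:", error_bursts(ev))
```

Run it against a saved dds.txt by replacing `SAMPLE_EVENTS` with the file's lines; the 7038 "unable to log on as NT AUTHORITY\NetworkService" errors in the log above share the same second as the 7000/7001 burst, which is the reason the burst view is worth having before reading any single entry.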

Re: Possibly Infected - Personally Identifiable Info Exposed.

Unread post by Cypher » February 1st, 2015, 12:18 pm

Hi,
Checking your logs now be right back.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Possibly Infected - Personally Identifiable Info Exposed.

Unread post by Cypher » February 1st, 2015, 12:24 pm

Hi and welcome back to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions, if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Important: Save all tools I ask you to download to your Desktop; if you don't know how to do this, just ask.



Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32-bit systems

For 64-bit systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button. When finished, a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
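The FRST.txt that Cypher asks for lists every running process as `(Publisher) path` and every service and driver as `state name; path [size date] (Publisher)`, with `[File not signed]` or `[X]` (registered, file missing) appended where that applies. When the worry is a remote access trojan, those three sections are where a helper looks first, and the properties checked are mechanical: no publisher, an unsigned file, a binary running from a user-writable directory, a kernel driver living outside Windows or Program Files, an orphaned registration, and anything that offers remote control or remote capture. The Python below is an added example written for this page; it is not FRST's code and not something posted in this thread. It parses constructed sample lines in the FRST format and reports those properties per entry. The `USER_WRITABLE` and `REMOTE_ACCESS_HINTS` lists are assumptions, illustrative starting points rather than a reference, and a flag means "confirm this is expected", not "malware".

```python
"""Triage helpers for the Processes, Services and Drivers sections of an FRST log (added example)."""
import re

# Constructed sample lines in the FRST format used in this thread; names and
# paths are illustrative, not a copy of the poster's log.
SAMPLE_PROCESSES = [
    r"(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe",
    r"(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe",
    r"() C:\Program Files (x86)\Workrave\lib\dbus-daemon.exe",
    r"(Example Co.) C:\Users\Jack\AppData\Local\Temp\Rar$EXa0.437\sample (beta 2).exe",
]
SAMPLE_SERVICES = [
    r"R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)",
    r"S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)",
    r"R2 wltrysvc; C:\Program Files\Broadcom\bcmwltry.exe [4814336 2010-07-07] (Broadcom Corporation) [File not signed]",
    r"S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]",
    r"U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-09-28] ()",
    r"S3 PORTMON; C:\Users\Jack\Documents\System Analayses\PORTMSYS.SYS [28656 2014-07-29] (Systems Internals) [File not signed]",
]

PROCESS_RE = re.compile(r"^\((?P<pub>[^)]*)\) (?P<path>.+)$")
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.+)$")
PUBLISHER_RE = re.compile(r"\] \((?P<pub>[^)]*)\)")

# Assumptions: directories an unprivileged user can write to, and name fragments
# of software that offers remote control or remote packet capture.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\",
                 "\\temp\\", "\\documents\\", "\\downloads\\")
REMOTE_ACCESS_HINTS = ("teamviewer", "rpcapd", "dfmirage", "vnc")


def parse_process(line):
    """One Processes line -> entry dict, or None if the line is not one."""
    m = PROCESS_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    return {"name": path.rsplit("\\", 1)[-1], "path": path,
            "publisher": m["pub"], "unsigned": False, "missing": False}


def parse_service(line):
    """One Services/Drivers line -> entry dict, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    pub = PUBLISHER_RE.search(rest)
    return {"name": m["name"], "path": rest.split(" [", 1)[0],
            "publisher": pub["pub"] if pub else "",
            "unsigned": "[File not signed]" in rest,
            "missing": rest.endswith("[X]")}


def reasons_for(entry):
    """The review reasons that apply to one entry (empty list means nothing to note)."""
    lp = entry["path"].lower()
    out = []
    if entry["missing"]:
        out.append("registered but file missing ([X]): orphaned or removed component")
    else:
        if not entry["publisher"]:
            out.append("no publisher recorded")
        if entry["unsigned"]:
            out.append("file not signed")
        if any(seg in lp for seg in USER_WRITABLE):
            out.append("runs from a user-writable directory")
        if lp.endswith(".sys") and not ("\\windows\\" in lp or "\\program files" in lp):
            out.append("kernel driver outside Windows or Program Files")
    if any(h in lp or h in entry["name"].lower() for h in REMOTE_ACCESS_HINTS):
        out.append("remote access or remote capture capability: confirm it is expected")
    return out


def triage(process_lines, service_lines):
    """(name, reasons) for every entry that has at least one reason to review."""
    entries = [e for e in (parse_process(l) for l in process_lines) if e]
    entries += [e for e in (parse_service(l) for l in service_lines) if e]
    flagged = []
    for e in entries:
        reasons = reasons_for(e)
        if reasons:
            flagged.append((e["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_PROCESSES, SAMPLE_SERVICES):
        print(name)
        for r in reasons:
            print("   -", r)
```

To use it on a real FRST.txt, feed the lines between the "Processes (Whitelisted)" header and the next section header as `process_lines`, and the Services and Drivers sections as `service_lines`; the output is a reading list, and each item still needs the helper to confirm the publisher, the file hash and whether the owner knowingly installed it.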

Re: Possibly Infected - Personally Identifiable Info Exposed.

Unread post by auto1671 » February 1st, 2015, 6:19 pm

AdwCleaner Log:

# AdwCleaner v4.109 - Report created 01/02/2015 at 22:00:35
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jack - JACK-PC
# Running from : C:\Users\Jack\Downloads\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Description

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.94


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [863 octets] - [01/02/2015 21:58:07]
AdwCleaner[S0].txt - [783 octets] - [01/02/2015 22:00:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [842 octets] ##########

Re: Possibly Infected - Personally Identifiable Info Exposed.

Unread post by auto1671 » February 1st, 2015, 6:20 pm

FRST.txt Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Jack (administrator) on JACK-PC on 01-02-2015 22:15:55
Running from C:\Users\Jack\Downloads
Loaded Profiles: Jack (Available profiles: Jack & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Black Oak Computers, Inc.) C:\Program Files (x86)\StrongVPN\StrongService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(The Workrave development team) C:\Program Files (x86)\Workrave\lib\Workrave.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Dropbox, Inc.) C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Workrave\lib\WorkraveHelper.exe
() C:\Program Files (x86)\Workrave\lib\dbus-daemon.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Notorious Development) C:\Users\Jack\AppData\Local\Temp\Rar$EXa0.437\TC_Bot_testSJ34 (BETA build 2).exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [5392896 2010-07-07] (Broadcom Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [Kepard] => "C:\Program Files (x86)\Kepard\Kepard.exe" tray
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe
HKLM-x32\...\Run: [YouCam Service6] => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [504792 2014-03-28] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-489198973-519768537-2425427861-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
HKU\S-1-5-21-489198973-519768537-2425427861-1000\...\Run: [Workrave] => C:\Program Files (x86)\Workrave\lib\workrave.exe [4480000 2013-01-13] (The Workrave development team)
HKU\S-1-5-21-489198973-519768537-2425427861-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-489198973-519768537-2425427861-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-489198973-519768537-2425427861-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-489198973-519768537-2425427861-1000\...\MountPoints2: {d199eb95-2af0-11e4-8484-90a4de6f73d5} - E:\wubi.exe
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-489198973-519768537-2425427861-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-489198973-519768537-2425427861-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-489198973-519768537-2425427861-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.startpage.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-489198973-519768537-2425427861-1000 -> {F7601620-4200-4E33-B2E7-59F1144899F9} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/ ... 5392713111
Handler: WSISAllmytubechrome - No CLSID Value
ShellExecuteHooks-x32: - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\7oel8un7.default-1421108389249
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jack\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Malware Search - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\7oel8un7.default-1421108389249\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2015-01-24]
FF Extension: Adblock Plus - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\7oel8un7.default-1421108389249\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]
CHR Extension: (Yahoo!) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogdoihocdkadpalbghcpfafbojcfofa [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR HKLM-x32\...\Chrome\Extension: [dogdoihocdkadpalbghcpfafbojcfofa] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [88720 2014-05-05] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8915 2014-05-27] () [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [32568 2014-12-17] (The OpenVPN Project)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 StrongVPN Service; C:\Program Files (x86)\StrongVPN\StrongService.exe [101560 2015-01-20] (Black Oak Computers, Inc.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [4814336 2010-07-07] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-09-17] (Emsisoft GmbH)
S4 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-09-17] (Emsisoft GmbH)
R3 clwvd6; C:\Windows\System32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2008-03-04] (DemoForge, LLC)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-08-18] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-08-18] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-18] (ESET)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 PORTMON; C:\Users\Jack\Documents\System Analayses\PORTMSYS.SYS [28656 2014-07-29] (Systems Internals) [File not signed]
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-05-06] (Spotflux, Inc.)
R3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [38760 2014-07-14] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-09-28] ()
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 22:15 - 2015-02-01 22:16 - 00015328 _____ () C:\Users\Jack\Downloads\FRST.txt
2015-02-01 22:15 - 2015-02-01 22:15 - 02131456 _____ (Farbar) C:\Users\Jack\Downloads\FRST64.exe
2015-02-01 22:15 - 2015-02-01 22:15 - 00000000 ____D () C:\FRST
2015-02-01 22:01 - 2015-02-01 22:01 - 00000306 _____ () C:\Windows\PFRO.log
2015-02-01 22:01 - 2015-02-01 22:01 - 00000056 _____ () C:\Windows\setupact.log
2015-02-01 22:01 - 2015-02-01 22:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-01 21:58 - 2015-02-01 22:14 - 00000000 ____D () C:\AdwCleaner
2015-02-01 21:57 - 2015-02-01 21:57 - 02194432 _____ () C:\Users\Jack\Downloads\adwcleaner_4.109.exe
2015-02-01 21:56 - 2015-02-01 21:56 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JACK-PC-Windows-7-Home-Premium-(64-bit).dat
2015-02-01 21:54 - 2015-02-01 21:54 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-01 21:54 - 2015-02-01 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-01 21:54 - 2015-02-01 21:54 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-01 21:53 - 2015-02-01 21:53 - 04803888 _____ () C:\Users\Jack\Downloads\tweaking.com_registry_backup_setup.exe
2015-01-31 22:16 - 2015-01-31 22:16 - 01939992 _____ () C:\Users\Jack\Downloads\winrar-x64-520.exe
2015-01-31 22:16 - 2015-01-31 22:16 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-31 22:16 - 2015-01-31 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-31 19:25 - 2015-01-31 19:26 - 00000000 ____D () C:\Users\Jack\Desktop\Tor Browser
2015-01-31 19:19 - 2015-01-31 19:23 - 34324222 _____ () C:\Users\Jack\Downloads\torbrowser-install-4.0.3_en-US.exe
2015-01-31 19:17 - 2015-01-31 19:19 - 222961664 _____ () C:\Users\Jack\Downloads\liberte-2012.3.iso
2015-01-31 00:59 - 2015-01-31 00:59 - 00019862 _____ () C:\Users\Jack\Desktop\dds.txt
2015-01-31 00:59 - 2015-01-31 00:59 - 00017563 _____ () C:\Users\Jack\Desktop\attach.txt
2015-01-31 00:57 - 2015-01-31 00:57 - 00688992 ____R (Swearware) C:\Users\Jack\Downloads\dds.scr
2015-01-30 16:37 - 2015-01-30 16:37 - 02347384 _____ (ESET) C:\Users\Jack\Downloads\esetsmartinstaller_enu.exe
2015-01-30 16:13 - 2015-01-30 16:13 - 00000030 _____ () C:\Users\Jack\Documents\Auth codes for BH..txt
2015-01-29 21:48 - 2015-01-31 12:34 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-01-29 21:48 - 2015-01-29 21:48 - 01766152 _____ () C:\Users\Jack\Downloads\wrar520.exe
2015-01-27 23:46 - 2015-01-27 23:58 - 1504245760 _____ () C:\Users\Jack\Downloads\zorin-os-9.1-core-64.iso
2015-01-27 23:10 - 2015-01-27 23:29 - 960461200 _____ () C:\Users\Jack\Downloads\linuxmint-17.1-cinnamon-64bit.iso.part
2015-01-27 22:40 - 2015-01-27 22:40 - 00108872 _____ () C:\Users\Jack\Documents\New Firefox.bookmarks.html
2015-01-27 22:39 - 2015-01-27 22:39 - 00023403 _____ () C:\Users\Jack\Documents\Passwords..odt
2015-01-27 22:15 - 2015-01-27 22:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jack\Downloads\revosetup(1).exe
2015-01-27 22:15 - 2015-01-27 22:15 - 00001264 _____ () C:\Users\Jack\Desktop\Revo Uninstaller.lnk
2015-01-27 22:15 - 2015-01-27 22:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-27 22:12 - 2015-01-27 22:33 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\ImgBurn
2015-01-27 22:09 - 2015-01-27 22:09 - 00001877 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-01-27 22:09 - 2015-01-27 22:09 - 00001865 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2015-01-27 22:09 - 2015-01-27 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-01-27 22:09 - 2015-01-27 22:09 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2015-01-27 22:06 - 2015-01-27 22:06 - 00160765 _____ () C:\Users\Jack\Documents\Blue Line Info..odt
2015-01-27 21:33 - 2015-01-27 21:33 - 00088799 _____ () C:\Users\Jack\Documents\More additional info to be transferred..odt
2015-01-27 21:09 - 2015-01-27 21:27 - 1632927744 _____ () C:\Users\Jack\Downloads\linuxmint-17.1-mate-64bit.iso
2015-01-27 20:27 - 2015-01-27 20:28 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jack\Downloads\iExplore(1).exe
2015-01-26 20:23 - 2015-01-26 20:23 - 00001868 _____ () C:\Users\Jack\Documents\JRT.txt110.txt
2015-01-24 15:58 - 2015-01-24 15:58 - 00000000 ____D () C:\Windows\Sun
2015-01-24 04:17 - 2015-01-24 04:17 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\TS3Client
2015-01-21 21:12 - 2015-01-21 21:12 - 00813920 _____ (Microsoft Corporation) C:\Users\Jack\Downloads\VS10sp1-KB983509.exe
2015-01-21 20:50 - 2009-07-22 08:17 - 00111640 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2015-01-21 20:50 - 2009-07-22 08:17 - 00079896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2015-01-21 20:50 - 2009-07-22 08:17 - 00078872 _____ (Microsoft Corporation) C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2015-01-21 20:50 - 2009-07-22 08:17 - 00050200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2015-01-21 20:48 - 2015-01-21 20:48 - 00000000 ____D () C:\Windows\system32\RsFx
2015-01-21 20:47 - 2015-01-21 20:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2015-01-21 20:46 - 2015-01-21 20:46 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2015-01-21 20:42 - 2015-01-21 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2015-01-21 20:27 - 2015-01-21 20:27 - 03324232 _____ (Microsoft Corporation) C:\Users\Jack\Downloads\vc_web.exe
2015-01-20 22:06 - 2015-01-20 22:07 - 00000000 ____D () C:\Users\Jack\Desktop\Simple_Calculater
2015-01-20 16:18 - 2015-01-20 16:18 - 00012034 _____ () C:\Users\Jack\Documents\Mobile 3 debt info..odt
2015-01-20 01:17 - 2015-01-20 01:19 - 00000000 ____D () C:\Users\Jack\VirtualBox VMs
2015-01-20 01:12 - 2015-01-20 01:19 - 00000000 ____D () C:\Users\Jack\.VirtualBox
2015-01-20 01:11 - 2014-11-24 12:07 - 00916024 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-01-20 01:11 - 2014-11-24 12:07 - 00128080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-01-20 01:07 - 2015-01-20 01:08 - 110587080 _____ (Oracle Corporation) C:\Users\Jack\Downloads\VirtualBox-4.3.20-96997-Win.exe
2015-01-19 01:15 - 2015-01-20 22:33 - 00000226 _____ () C:\Users\Jack\Desktop\HelloWorld3.cpp
2015-01-18 22:10 - 2015-01-18 22:11 - 02326526 _____ () C:\Users\Jack\Downloads\pygame-1.9.1release.zip
2015-01-18 22:08 - 2015-01-18 22:08 - 00000000 ____D () C:\Users\Jack\AppData\Local\.distlib
2015-01-18 22:08 - 2015-01-18 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2015-01-18 22:05 - 2015-01-18 22:05 - 25206784 _____ () C:\Users\Jack\Downloads\python-3.4.0.amd64.msi
2015-01-18 22:03 - 2015-01-18 22:04 - 08569273 _____ () C:\Users\Jack\Downloads\pywin32-218.win-amd64-py3.4(1).exe
2015-01-18 21:57 - 2015-01-18 21:57 - 24530944 _____ () C:\Users\Jack\Downloads\python-3.4.2(1).msi
2015-01-18 21:56 - 2015-01-18 21:56 - 08569273 _____ () C:\Users\Jack\Downloads\pywin32-218.win-amd64-py3.4.exe
2015-01-18 21:55 - 2015-01-18 21:55 - 08569257 _____ () C:\Users\Jack\Downloads\pywin32-218.win-amd64-py3.3.exe
2015-01-17 20:02 - 2015-01-27 15:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 01:47 - 2015-01-16 02:19 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\TS3Client
2015-01-16 01:46 - 2015-01-16 01:46 - 00000967 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-01-16 01:46 - 2015-01-16 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-01-16 01:45 - 2015-01-16 01:46 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-01-16 01:44 - 2015-01-16 01:45 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Jack\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2015-01-16 01:00 - 2015-01-16 01:00 - 00001089 _____ () C:\Users\Jack\Desktop\Linphone.lnk
2015-01-16 01:00 - 2015-01-16 01:00 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Linphone
2015-01-16 01:00 - 2015-01-16 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linphone
2015-01-16 01:00 - 2015-01-16 01:00 - 00000000 ____D () C:\Program Files (x86)\Linphone
2015-01-16 00:59 - 2015-01-16 00:59 - 19213640 _____ (linphone.org ) C:\Users\Jack\Downloads\linphone-3.7.0-setup.exe
2015-01-15 00:27 - 2015-01-24 15:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-15 00:27 - 2015-01-15 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-15 00:26 - 2015-01-24 15:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-15 00:25 - 2015-01-15 00:25 - 00638888 _____ (Oracle Corporation) C:\Users\Jack\Downloads\jxpiinstall(2).exe
2015-01-15 00:25 - 2015-01-15 00:25 - 00003128 _____ () C:\Windows\System32\Tasks\{7ED07EA1-2B6D-4FED-8C51-E6F947F39DC3}
2015-01-15 00:24 - 2015-01-15 00:24 - 09074414 _____ () C:\Users\Jack\Downloads\syndie-installer-1.105b.bin.win64.exe
2015-01-15 00:24 - 2015-01-15 00:24 - 00003166 _____ () C:\Windows\System32\Tasks\{2330365E-2415-4831-9C10-EA8C78B9EA45}
2015-01-15 00:22 - 2015-01-15 00:22 - 00003150 _____ () C:\Windows\System32\Tasks\{A936449C-A327-4A03-BB28-833C000B0B27}
2015-01-15 00:21 - 2015-01-15 00:21 - 14751093 _____ () C:\Users\Jack\Downloads\i2pinstall_0.9.17_windows.exe
2015-01-14 03:03 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 03:01 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 03:01 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 03:01 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 02:59 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 02:57 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 02:57 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 02:57 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 02:57 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 02:57 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 02:57 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 02:57 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 02:57 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 23:41 - 2015-01-13 23:41 - 00000908 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-01-13 23:41 - 2015-01-13 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-01-13 23:41 - 2015-01-13 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-01-13 23:41 - 2015-01-13 23:41 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-13 23:41 - 2015-01-13 23:41 - 00000000 ____D () C:\Program Files\OpenVPN
2015-01-13 23:40 - 2015-01-13 23:40 - 01811608 _____ () C:\Users\Jack\Downloads\openvpn-install-2.3.6-I001-x86_64.exe
2015-01-13 23:30 - 2015-01-13 23:30 - 00001125 _____ () C:\Users\Jack\Desktop\OpenVPN GUI.lnk
2015-01-13 23:30 - 2015-01-13 23:30 - 00001125 _____ () C:\Users\Guest\Desktop\OpenVPN GUI.lnk
2015-01-13 23:28 - 2015-01-13 23:30 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-01-13 23:28 - 2015-01-13 23:30 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2015-01-13 23:28 - 2015-01-13 23:28 - 01214201 _____ () C:\Users\Jack\Downloads\openvpn-install.zip
2015-01-13 22:48 - 2015-01-24 15:50 - 00000000 ____D () C:\ProgramData\purevpn
2015-01-13 22:48 - 2015-01-13 23:48 - 00000000 ____D () C:\Program Files (x86)\PureVPN
2015-01-13 22:48 - 2015-01-13 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureVPN
2015-01-13 22:48 - 2015-01-13 22:48 - 00001071 _____ () C:\Users\Public\Desktop\PureVPN.lnk
2015-01-13 22:47 - 2015-01-13 22:47 - 00441560 _____ (PureVPN ) C:\Users\Jack\Downloads\purevpn_windows(1).exe
2015-01-12 23:54 - 2015-01-12 23:54 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Wireshark
2015-01-12 23:24 - 2015-01-12 23:24 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Jack\Downloads\ADSSpy.exe
2015-01-12 23:18 - 2015-01-19 23:35 - 00002038 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-01-12 23:18 - 2015-01-16 02:22 - 00001748 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2015-01-12 23:18 - 2015-01-16 02:22 - 00000000 ____D () C:\Program Files\Wireshark
2015-01-12 23:18 - 2015-01-12 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-01-12 23:18 - 2015-01-12 23:18 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-01-12 23:17 - 2015-01-12 23:17 - 28046608 _____ (Wireshark development team) C:\Users\Jack\Downloads\Wireshark-win64-1.10.12.exe
2015-01-12 23:13 - 2015-01-12 23:13 - 05096104 _____ (JAM Software ) C:\Users\Jack\Downloads\TreeSizeFreeSetup(1).exe
2015-01-12 23:13 - 2015-01-12 23:13 - 00056778 _____ () C:\Users\Jack\Desktop\LAtest_Show-Hidden.txt
2015-01-12 23:13 - 2015-01-12 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2015-01-12 23:07 - 2015-01-12 23:08 - 00056778 _____ () C:\Users\Jack\Desktop\Show-Hidden.txt
2015-01-12 23:07 - 2015-01-12 23:07 - 00386464 _____ (Bleeping Computer, LLC) C:\Users\Jack\Downloads\show-hidden(1).exe
2015-01-12 23:04 - 2015-01-12 23:04 - 01121208 _____ () C:\Users\Jack\Downloads\ProcessMonitor.zip
2015-01-12 22:33 - 2015-01-12 22:33 - 01188194 _____ () C:\Users\Jack\Downloads\ProcessExplorer(1).zip
2015-01-12 22:09 - 2015-01-12 22:10 - 00291606 _____ () C:\Users\Jack\Downloads\TCPView.zip
2015-01-12 15:53 - 2015-01-12 15:54 - 127569656 _____ (Microsoft Corporation) C:\Users\Jack\Downloads\msert(8).exe
2015-01-11 00:57 - 2015-01-30 02:12 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-11 00:57 - 2015-01-11 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-08 07:20 - 2015-01-08 07:20 - 00000000 ____D () C:\ProgramData\Gyazo
2015-01-08 01:04 - 2015-01-08 01:04 - 00011128 _____ () C:\Users\Jack\Documents\Custo forums design.odt
2015-01-07 00:33 - 2015-01-07 00:33 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2015-01-06 16:29 - 2015-01-06 16:29 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-06 16:29 - 2015-01-06 16:29 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Apple Computer
2015-01-06 16:29 - 2015-01-06 16:29 - 00000000 ____D () C:\Users\Jack\AppData\Local\Apple Computer
2015-01-06 16:29 - 2015-01-06 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-06 16:28 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-06 16:27 - 2015-01-06 16:28 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-06 16:27 - 2015-01-06 16:28 - 00000000 ____D () C:\Program Files\iTunes
2015-01-06 16:27 - 2015-01-06 16:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-06 16:27 - 2015-01-06 16:27 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-06 16:27 - 2015-01-06 16:27 - 00000000 ____D () C:\Program Files\iPod
2015-01-06 16:25 - 2015-01-21 16:22 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-06 16:24 - 2015-01-21 16:21 - 00000000 ____D () C:\ProgramData\Apple
2015-01-06 16:23 - 2015-01-06 16:24 - 122418480 _____ (Apple Inc.) C:\Users\Jack\Downloads\iTunes64Setup.exe
2015-01-04 01:26 - 2015-01-04 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-04 01:26 - 2015-01-04 01:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-04 01:26 - 2015-01-04 01:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-04 01:23 - 2015-01-04 01:23 - 13087456 _____ (Microsoft Corporation) C:\Users\Jack\Downloads\Silverlight_x64.exe
2015-01-02 20:20 - 2015-01-13 00:19 - 00000000 ____D () C:\Users\Jack\Desktop\Old Firefox Data
2015-01-02 18:34 - 2015-01-02 18:34 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-02 18:34 - 2015-01-02 18:34 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-02 17:08 - 2015-01-02 17:08 - 00244104 _____ () C:\Users\Jack\Downloads\Firefox Setup Stub 34.0.5.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 22:09 - 2014-10-25 21:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 22:09 - 2014-09-28 02:01 - 00000000 ____D () C:\Users\Jack\Documents\YouCam
2015-02-01 22:08 - 2014-06-20 13:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8c8e8960cb6d.job
2015-02-01 22:07 - 2009-07-14 04:45 - 00024608 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 22:07 - 2009-07-14 04:45 - 00024608 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 22:05 - 2014-11-04 18:46 - 00000000 ___RD () C:\Users\Jack\Dropbox
2015-02-01 22:05 - 2014-11-04 18:43 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Dropbox
2015-02-01 22:04 - 2014-06-14 13:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 22:04 - 2014-05-21 00:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 22:01 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 22:00 - 2014-11-07 15:48 - 01622621 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 21:50 - 2014-11-10 19:14 - 00001568 _____ () C:\Windows\Sandboxie.ini
2015-02-01 21:44 - 2014-05-26 01:03 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Skype
2015-02-01 21:42 - 2014-10-16 18:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps
2015-02-01 21:42 - 2014-06-21 23:24 - 00000000 ____D () C:\Windows\Minidump
2015-02-01 20:26 - 2014-08-05 13:47 - 00000450 ____H () C:\Windows\Tasks\Norton Security Scan for Jack.job
2015-02-01 16:09 - 2014-10-09 01:06 - 00000000 ____D () C:\Users\Guest\Documents\YouCam
2015-02-01 05:03 - 2014-11-09 03:46 - 01709581 _____ () C:\Users\Jack\Downloads\nb.rar
2015-01-31 22:16 - 2014-11-09 22:04 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-31 22:14 - 2014-05-11 13:19 - 00000000 ____D () C:\Program Files (x86)\Everything
2015-01-31 21:45 - 2014-05-18 13:34 - 00000000 ____D () C:\Program Files (x86)\KeyNote
2015-01-31 21:44 - 2014-05-09 19:06 - 00000000 ____D () C:\Program Files (x86)\AzTools
2015-01-30 16:36 - 2014-11-08 02:21 - 00000561 _____ () C:\DelFix.txt
2015-01-30 00:20 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Jack\AppData\Local\CrashDumps
2015-01-27 16:00 - 2014-09-18 16:42 - 00000000 ____D () C:\EEK
2015-01-26 22:43 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-25 01:09 - 2014-10-25 21:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 00:09 - 2014-07-25 00:39 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 00:09 - 2014-07-25 00:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 15:58 - 2014-08-30 21:16 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 15:54 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2015-01-24 15:50 - 2014-11-06 02:28 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\.strongvpn
2015-01-23 01:57 - 2014-07-24 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2015-01-22 17:37 - 2014-07-24 13:47 - 00000000 ____D () C:\Users\Jack\Documents\Visual Studio 2010
2015-01-21 20:50 - 2009-07-14 05:13 - 00874526 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 20:48 - 2014-05-27 21:22 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-01-21 20:46 - 2014-05-28 17:13 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-01-21 20:46 - 2014-05-28 17:05 - 00000000 ____D () C:\Windows\system32\1033
2015-01-21 20:44 - 2014-05-27 21:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-01-21 20:41 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-21 20:32 - 2014-07-24 13:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2015-01-21 16:55 - 2014-05-28 16:54 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-21 16:54 - 2014-05-28 17:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-01-21 16:52 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-21 16:41 - 2014-05-27 21:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-01-21 16:30 - 2014-07-23 23:20 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Dev-Cpp
2015-01-20 22:51 - 2014-05-28 17:34 - 00000000 ____D () C:\Users\Jack\Documents\Visual Studio 2013
2015-01-20 16:04 - 2014-11-06 02:26 - 00000000 ____D () C:\Program Files (x86)\StrongVPN
2015-01-20 01:17 - 2014-05-09 13:45 - 00000000 ____D () C:\Users\Jack
2015-01-17 16:04 - 2014-05-17 17:48 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-17 04:01 - 2014-06-09 15:05 - 00000000 ____D () C:\Users\Jack\Documents\My Kindle Content
2015-01-15 16:12 - 2014-12-31 22:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Tox
2015-01-14 22:45 - 2014-12-31 22:37 - 00000000 ____D () C:\Users\Jack\Desktop\Tox
2015-01-14 03:09 - 2014-05-09 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:01 - 2014-05-09 16:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 00:53 - 2014-05-20 23:59 - 00000000 ____D () C:\Users\Jack\AppData\Local\Google
2015-01-12 23:13 - 2014-07-30 20:38 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\JAM Software
2015-01-12 23:13 - 2014-07-30 20:37 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2015-01-11 00:57 - 2014-05-20 23:59 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-08 07:20 - 2014-09-21 22:20 - 00003740 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2015-01-08 07:20 - 2014-09-21 22:20 - 00000982 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2015-01-08 07:20 - 2014-09-21 22:20 - 00000982 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2015-01-08 07:20 - 2014-09-21 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-01-08 07:20 - 2014-09-21 22:20 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2015-01-06 22:35 - 2014-06-07 13:11 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-06 22:35 - 2014-06-07 13:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-02 18:34 - 2014-05-09 18:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-08-05 14:49 - 2014-08-05 14:49 - 0172589 _____ () C:\Users\Jack\AppData\Local\ars.cache
2014-08-05 14:49 - 2014-08-05 14:49 - 0260800 _____ () C:\Users\Jack\AppData\Local\census.cache
2014-07-25 00:13 - 2014-07-25 00:16 - 0208308 _____ () C:\Users\Jack\AppData\Local\debuggee.mdmp
2014-08-05 14:40 - 2014-08-05 14:40 - 0000036 _____ () C:\Users\Jack\AppData\Local\housecall.guid.cache
2014-08-05 14:45 - 2014-08-05 14:45 - 0000010 _____ () C:\Users\Jack\AppData\Local\sponge.last.runtime.cache

Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpiy9u.dll
C:\Users\Jack\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Jack\AppData\Local\Temp\Quarantine.exe
C:\Users\Jack\AppData\Local\Temp\sqlite3.dll
C:\Users\Jack\AppData\Local\Temp\StrongHelper.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\igd10umd32.dll
C:\Windows\System32\igdumd32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 11:06

==================== End Of Log ============================
auto1671
Active Member
 
Posts: 10
Joined: June 7th, 2014, 12:02 pm

Re: Possibly Infected - Personally Identifiable Info Exposed.

Unread postby auto1671 » February 1st, 2015, 6:25 pm

Additional FRST Log:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Jack at 2015-02-01 22:17:43
Running from C:\Users\Jack\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-489198973-519768537-2425427861-1000\...\Amazon Kindle) (Version: - Amazon)
Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version: - )
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.48.55 - Broadcom Corporation)
calibre (HKLM-x32\...\{3FABD0E8-EEEF-4BB9-BA19-2D73F5D8D3FA}) (Version: 1.46.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2728.0 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-489198973-519768537-2425427861-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Enforcer: Police Crime Action (HKLM-x32\...\Steam App 318220) (Version: - Odin Game Studio)
ESET Smart Security (HKLM\...\{C082CDB9-D173-4740-AE0E-C685E6F44850}) (Version: 8.0.304.0 - ESET, spol s r. o.)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
GameSalad Creator (HKLM-x32\...\{54398F55-5123-4FAA-9753-76E94AA77C20}) (Version: 0.10.5 - GameSalad)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HostsMan 4.3.100 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.3.100.0 - abelhadigital.com)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeyNote 1.6.5 (HKLM-x32\...\KeyNote_is1) (Version: - )
LibreOffice 4.3.4.1 (HKLM-x32\...\{7D983A32-F645-48AB-8E38-4ACD234F40BC}) (Version: 4.3.4.1 - The Document Foundation)
Linphone version 3.7.0 (HKLM-x32\...\Linphone_is1) (Version: - linphone.org)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
MySQL Server 5.1 (HKLM\...\{01FB752A-92D8-429A-8540-5A7838233443}) (Version: 5.1.72 - Oracle Corporation)
Online Support(S Service) (HKLM-x32\...\{E8336EA1-40A2-48A1-80E8-B78F9EEAB23F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
OpenVPN 2.1.1 (HKLM-x32\...\OpenVPN) (Version: 2.1.1 - )
OpenVPN 2.3.6-I001 (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - )
Password Corral v4.0 (HKLM-x32\...\Password Corral v4.0_is1) (Version: - Cygnus Productions)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 4.0.0.0 - PureVPN)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
StrongVPN Client (HKLM-x32\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.4.0.7 - Black Oak Computers, Inc)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.0 - Tweaking.com)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wireshark 1.12.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.3 - The Wireshark developer community, http://www.wireshark.org)
Workrave 1.10 (HKLM-x32\...\Workrave_is1) (Version: - Rob Caelers & Raymond Penners)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-489198973-519768537-2425427861-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-489198973-519768537-2425427861-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-489198973-519768537-2425427861-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-489198973-519768537-2425427861-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-489198973-519768537-2425427861-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-489198973-519768537-2425427861-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-489198973-519768537-2425427861-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-489198973-519768537-2425427861-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-489198973-519768537-2425427861-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

27-01-2015 22:17:07 Revo Uninstaller's restore point - Search App by Ask

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2014-10-11 18:42 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {023AA95A-A443-4187-A804-D00C4ED01343} - System32\Tasks\{6C455228-8640-46ED-972D-AE3103EAE79C} => pcalua.exe -a "C:\LAN Driver_8.4.907.2012\setup.exe" -d "C:\LAN Driver_8.4.907.2012"
Task: {172B9FFC-15A1-4A45-9544-92B823D64124} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {21FD0851-C855-4328-B04F-286222BD56E6} - System32\Tasks\{0C684A67-8E2F-4094-A70A-C6F6112FBD72} => pcalua.exe -a C:\linuxmint\uninstall-wubi.exe -d C:\linuxmint
Task: {27FC53AF-2558-4E2E-B806-E36039F89AE7} - System32\Tasks\{40E0E0D6-B6C2-49C3-A65A-8F18A9411E5D} => Chrome.exe
Task: {28F10F10-4C26-4F5F-9BD3-A5444F931FC5} - System32\Tasks\{662E1D44-A1E7-4394-B9C8-786D9A9A1CB6} => pcalua.exe -a C:\PROGRA~2\WISDOM~1\UNWISE.EXE -c C:\PROGRA~2\WISDOM~1\INSTALL.LOG
Task: {456533A0-3906-40AB-B143-B2E0DBE03E9A} - System32\Tasks\{30E0A68A-B7E1-47D9-B545-4750C93B7739} => pcalua.exe -a "C:\Program Files (x86)\Xvid\unins000.exe"
Task: {5760F7CA-5FAF-4EB7-BF0A-15082F7EA25D} - System32\Tasks\{10A19A6B-0885-40AE-AF01-87240CFC34C4} => C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe [2014-03-28] (CyberLink Corp.)
Task: {585EFAAE-FCD3-4CA3-926C-6C337ECB1E70} - System32\Tasks\{776A52C3-8374-4B87-AF5A-8E69A555DBC1} => C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe [2014-03-28] (CyberLink Corp.)
Task: {590BD2CA-2919-4FD6-98D4-453E1F46F698} - System32\Tasks\{F2410E85-E370-479C-931E-2F897BD51357} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-11-21] (Malwarebytes Corporation)
Task: {5CBF94FF-3339-432E-B47B-71D0C5E441AE} - System32\Tasks\Norton Security Scan for Jack => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe
Task: {62C18086-D158-48F1-AED4-77E6C4EA80C9} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {6B4287C8-E2C3-4414-A56C-0F0C2AD03E65} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8c8e8960cb6d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-20] (Google Inc.)
Task: {7234A80D-E1C8-471B-800B-6FAE87779B32} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {86CBDBF3-AA42-452C-8A51-01BF264A1485} - System32\Tasks\{14851541-686B-4D76-B779-4120BE78FA09} => Firefox.exe http://www.skype.com/go/downloading?sou ... tError=404
Task: {8728C12E-11E4-4F86-86DA-B91267F2A5C7} - System32\Tasks\{BFBB9DEA-1348-4392-A445-7469B2B781D0} => pcalua.exe -a C:\Users\Jack\Downloads\jitsi-2.4-latest-x86.exe -d C:\Users\Jack\Downloads
Task: {93D9DDA1-A57E-441E-866D-EB69B6E8A24C} - System32\Tasks\{7ED07EA1-2B6D-4FED-8C51-E6F947F39DC3} => pcalua.exe -a C:\Users\Jack\Downloads\jxpiinstall(2).exe -d C:\Users\Jack\Downloads
Task: {962718CD-DB82-491B-840A-58D15C45463F} - System32\Tasks\{5D0081FE-DE61-451F-93F5-2FC0E1604896} => C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe [2014-03-28] (CyberLink Corp.)
Task: {A6CD8D9A-F58B-4E2B-8CE8-8FFB0D1ACD15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-20] (Google Inc.)
Task: {ABD8BC25-871F-49B3-899B-14ECC772AEA1} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {AC001763-EA27-47F9-AC38-44CFDCB37C7A} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {AE11EB90-96FE-4016-AD2B-DFDA029BBDF3} - System32\Tasks\{C1795796-2E97-41D0-BFFB-70A8A0B83033} => C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe [2014-03-28] (CyberLink Corp.)
Task: {B98A37A5-0195-4D8E-BBBF-858CFB672177} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {C14F8912-FDD3-4C95-AAF2-BEDACC7BDAB6} - System32\Tasks\{0785EB5B-5774-4EFD-8C6B-AC38DAC455A0} => Firefox.exe http://www.skype.com/go/downloading?sou ... tError=404
Task: {C5E17959-4DF2-48B7-B6EE-21CD0EC75D48} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe
Task: {C71DE18B-6E93-4453-8B39-0048E914C402} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
Task: {C95CF184-54F1-4609-B962-F975AF07727F} - System32\Tasks\{2330365E-2415-4831-9C10-EA8C78B9EA45} => pcalua.exe -a C:\Users\Jack\Downloads\syndie-installer-1.105b.bin.win64.exe -d C:\Users\Jack\Downloads
Task: {CC816B39-778B-4590-8989-9A013548199B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe
Task: {D002AA23-BD4D-4202-83BD-AE6F21B5F326} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {DE5EF837-6CEE-4AD7-9105-5754AEED7554} - System32\Tasks\{1330CB6A-C5D5-4150-A5BD-A1A0FB0CB70E} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-11-21] (Malwarebytes Corporation)
Task: {E2B35778-0E70-4F1D-AC24-047440DD991C} - System32\Tasks\{D75D42BA-16D4-4F3F-BDE4-E779EBA92F0F} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-11-21] (Malwarebytes Corporation)
Task: {EA0092F5-9836-41B0-9CA7-208CA9D3F7AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {F12E6257-4B88-4CA0-852C-ABF42117DCB4} - System32\Tasks\{A936449C-A327-4A03-BB28-833C000B0B27} => pcalua.exe -a C:\Users\Jack\Downloads\i2pinstall_0.9.17_windows.exe -d C:\Users\Jack\Downloads
Task: {F590F476-3A65-4CB2-B005-36ECBA66B41A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8c8e8960cb6d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Jack.job => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe

==================== Loaded Modules (whitelisted) =============

2014-01-29 22:02 - 2014-01-29 22:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-05 19:32 - 2011-02-23 21:26 - 00017920 _____ () C:\Program Files (x86)\Workrave\lib\WorkraveHelper.exe
2014-08-05 19:32 - 2011-02-23 21:26 - 00069632 _____ () C:\Program Files (x86)\Workrave\lib\harpoon64.dll
2014-08-05 19:32 - 2011-10-12 18:46 - 01624593 _____ () C:\Program Files (x86)\Workrave\lib\dbus-daemon.exe
2014-08-05 19:32 - 2010-12-27 16:46 - 01182444 _____ () C:\Program Files (x86)\Workrave\lib\libcairo-2.dll
2014-08-05 19:32 - 2009-11-19 18:20 - 00278495 _____ () C:\Program Files (x86)\Workrave\lib\libfontconfig-1.dll
2014-08-05 19:32 - 2009-01-31 21:42 - 00143096 _____ () C:\Program Files (x86)\Workrave\lib\libexpat-1.dll
2014-08-05 19:32 - 2010-12-27 13:12 - 00538324 _____ () C:\Program Files (x86)\Workrave\lib\freetype6.dll
2014-08-05 19:32 - 2010-08-17 14:38 - 00230529 _____ () C:\Program Files (x86)\Workrave\lib\libpng14-14.dll
2014-08-05 19:32 - 2010-08-20 09:18 - 00100352 _____ () C:\Program Files (x86)\Workrave\lib\zlib1.dll
2014-08-05 19:32 - 2011-10-12 18:46 - 01240138 _____ () C:\Program Files (x86)\Workrave\lib\libdbus-1.dll
2014-08-05 19:32 - 2010-09-29 21:10 - 00103139 _____ () C:\Program Files (x86)\Workrave\lib\libpangocairo-1.0-0.dll
2014-08-05 19:32 - 2010-04-23 17:38 - 00066560 _____ () C:\Program Files (x86)\Workrave\lib\harpoon.dll
2014-08-05 19:32 - 2011-02-19 11:26 - 00099128 _____ () C:\Program Files (x86)\Workrave\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00750080 _____ () C:\Users\Jack\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-01 22:04 - 2015-02-01 22:04 - 00043008 _____ () c:\users\jack\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpiy9u.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00047616 _____ () C:\Users\Jack\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00863744 _____ () C:\Users\Jack\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00200704 _____ () C:\Users\Jack\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-17 20:02 - 2015-01-27 02:32 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-05 14:45 - 2014-08-05 14:45 - 00000000 _____ () C:\Windows\system32\igd10umd32.dll
2015-01-25 00:09 - 2015-01-25 00:09 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2014-08-05 14:45 - 2014-08-05 14:45 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-11-03 20:26 - 2011-08-24 02:39 - 00081920 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_ctypes.pyd
2014-11-03 20:26 - 2011-08-24 02:39 - 00053248 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_socket.pyd
2014-11-03 20:26 - 2011-08-24 02:39 - 00655360 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_ssl.pyd
2014-11-03 20:26 - 2014-02-20 03:33 - 00057344 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\YouCam\XUControl.dll
2014-11-03 20:26 - 2014-05-13 09:42 - 00866056 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\BigBang\Runtime\UNO.dll
2014-11-03 20:26 - 2014-03-28 02:04 - 00148440 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\PyImageRetouch\_PyImageRetouch.pyd
2014-11-03 20:26 - 2014-05-13 09:42 - 00311048 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\YouCam\BlackCat.dll
2014-11-03 20:26 - 2013-09-12 02:14 - 00255272 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\YouCam\CLAvatar.dll
2014-11-03 20:25 - 2011-08-24 02:39 - 00135168 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\pyexpat.pyd
2014-11-03 20:26 - 2011-08-24 02:39 - 00475136 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\unicodedata.pyd
2014-11-03 20:26 - 2014-03-28 02:04 - 00173016 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\Uploader\_PyUploader.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:84098FD3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28407006.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\28407006.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-489198973-519768537-2425427861-500 - Administrator - Disabled)
Guest (S-1-5-21-489198973-519768537-2425427861-501 - Limited - Disabled) => C:\Users\Guest
Jack (S-1-5-21-489198973-519768537-2425427861-1000 - Administrator - Enabled) => C:\Users\Jack

==================== Faulty Device Manager Devices =============

Name: CSN5PDTS82x64 NDIS Protocol Driver
Description: CSN5PDTS82x64 NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CSN5PDTS82x64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Capsax64Drv0 NDIS Protocol Driver
Description: Capsax64Drv0 NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Capsax64Drv0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 04:04:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/01/2015 04:23:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.0.0.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 650

Start Time: 01d03d83ec6bae57

Termination Time: 18

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: fac995e7-a9c9-11e4-b5ac-90a4de6f73d5

Error: (01/30/2015 04:37:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/30/2015 04:37:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/30/2015 00:20:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0xf78
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/30/2015 00:20:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 35.0.1.5500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6bc

Start Time: 01d03bdb2ce93217

Termination Time: 87

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: b796cde7-a815-11e4-a7a6-90a4de6f73d5

Error: (01/29/2015 08:08:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2015 05:38:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/27/2015 10:18:47 PM) (Source: MsiInstaller) (EventID: 10005) (User: Jack-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox

Error: (01/27/2015 10:18:46 PM) (Source: MsiInstaller) (EventID: 10005) (User: Jack-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox


System errors:
=============
Error: (02/01/2015 10:02:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Capsax64Drv0
CSN5PDTS82
CSN5PDTS82x64
CsNdisLWF

Error: (02/01/2015 09:41:34 PM) (Source: DCOM) (EventID: 10016) (User: Jack-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Jack-PCGuestS-1-5-21-489198973-519768537-2425427861-501LocalHost (Using LRPC)

Error: (02/01/2015 09:17:36 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/01/2015 09:17:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/01/2015 09:17:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/01/2015 04:13:44 PM) (Source: DCOM) (EventID: 10016) (User: Jack-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Jack-PCGuestS-1-5-21-489198973-519768537-2425427861-501LocalHost (Using LRPC)

Error: (02/01/2015 04:09:17 PM) (Source: DCOM) (EventID: 10016) (User: Jack-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Jack-PCGuestS-1-5-21-489198973-519768537-2425427861-501LocalHost (Using LRPC)

Error: (02/01/2015 03:33:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Capsax64Drv0
CSN5PDTS82
CSN5PDTS82x64
CsNdisLWF

Error: (02/01/2015 05:09:24 AM) (Source: DCOM) (EventID: 10016) (User: Jack-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Jack-PCGuestS-1-5-21-489198973-519768537-2425427861-501LocalHost (Using LRPC)

Error: (01/31/2015 11:09:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (02/01/2015 04:04:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jack\Downloads\esetsmartinstaller_enu.exe

Error: (02/01/2015 04:23:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.0.0.10265001d03d83ec6bae5718C:\Program Files (x86)\Skype\Phone\Skype.exefac995e7-a9c9-11e4-b5ac-90a4de6f73d5

Error: (01/30/2015 04:37:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jack\Downloads\esetsmartinstaller_enu.exe

Error: (01/30/2015 04:37:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jack\Downloads\esetsmartinstaller_enu.exe

Error: (01/30/2015 00:20:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425f7801d03bdb507d1b44C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllbaf0b3d6-a815-11e4-a7a6-90a4de6f73d5

Error: (01/30/2015 00:20:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.1.55006bc01d03bdb2ce9321787C:\Program Files (x86)\Mozilla Firefox\firefox.exeb796cde7-a815-11e4-a7a6-90a4de6f73d5

Error: (01/29/2015 08:08:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/28/2015 05:38:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/27/2015 10:18:47 PM) (Source: MsiInstaller) (EventID: 10005) (User: Jack-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/27/2015 10:18:46 PM) (Source: MsiInstaller) (EventID: 10005) (User: Jack-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox (NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
Date: 2014-07-29 18:03:48.465
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jack\Documents\System Analayses\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-29 18:03:48.405
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jack\Documents\System Analayses\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-11 23:25:42.368
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jack\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-11 23:25:42.306
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jack\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-11 23:25:41.558
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-11 23:25:41.496
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 43%
Total physical RAM: 6057.55 MB
Available physical RAM: 3392.91 MB
Total Pagefile: 12113.28 MB
Available Pagefile: 9028.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:692.62 GB) (Free:566.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 00033DB0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=692.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5.9 GB) - (Type=05)

==================== End Of Log ============================
auto1671
Active Member
 
Posts: 10
Joined: June 7th, 2014, 12:02 pm

Re: Possibly Infected - Personally Identifiable Info Exposed.

Unread postby Cypher » February 2nd, 2015, 8:16 am

Hi,
I would just like a checkup to make sure everything is okay. Someone online had managed to get some of my personal information and then decided to post that via a chat room. So I would like to make sure that I have nothing on my computer like a Remote Access Trojan.

I'm not seeing anything of real concern in your logs so far.
There are some things that need to be cleaned up, so let's take care of those first.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-489198973-519768537-2425427861-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Handler: WSISAllmytubechrome - No CLSID Value
    ShellExecuteHooks-x32: - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File [ ]
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HKLM-x32\...\Chrome\Extension: [dogdoihocdkadpalbghcpfafbojcfofa] - No Path
    S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
    S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
    S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
    S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    C:\Users\Jack\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpiy9u.dll
    C:\Users\Jack\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\Jack\AppData\Local\Temp\Quarantine.exe
    C:\Users\Jack\AppData\Local\Temp\sqlite3.dll
    C:\Users\Jack\AppData\Local\Temp\StrongHelper.exe
    C:\Windows\System32\igd10umd32.dll
    C:\Windows\System32\igdumd32.dll
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    AlternateDataStreams: C:\ProgramData\TEMP:84098FD3
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe to your Downloads Folder as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

Run Microsoft Safety Scanner

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to Microsoft Safety Scanner
  • Click Download Now
  • When asked to Run or Save, choose Run. (Unless it's to be run on a different PC)
  • OK the User Account Permission or the query "Do you want to run this software".
  • If you get a message saying "running this type of program could harm your computer" or similar, just ignore it and tell it to Run anyway.
  • Click the box to Accept the license agreement. Click Next.
  • Click Next to run the Scan.
  • Click the Quick Scan button. (... also Full Scan option)
  • Click Next
  • (If it finds nothing, it will just Exit. It still does create a report file.)
  • If it has found anything, check the box titled "Help Remove potentially unwanted software"
  • Click Next.
  • (The Dialog label will become "Cleaning your computer"). It may take a while.
  • After this operation completes, click Finish.
  • When removals are complete, it will report through a link, "View detailed results of the scan"
  • Clicking the link will popup a report in Notepad.
  • Please post the contents of the file in a reply.
  • The report file is also saved here: C:\Windows\debug\msert.log

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • msert.log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Possibly Infected - Personally Identifiable Info Exposed.

Unread postby auto1671 » February 2nd, 2015, 2:53 pm

FRST Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Jack at 2015-02-02 15:50:48 Run:1
Running from C:\Users\Jack\Downloads
Loaded Profiles: Jack (Available profiles: Jack & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-489198973-519768537-2425427861-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: WSISAllmytubechrome - No CLSID Value
ShellExecuteHooks-x32: - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File [ ]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [dogdoihocdkadpalbghcpfafbojcfofa] - No Path
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
C:\Users\Jack\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpiy9u.dll
C:\Users\Jack\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Jack\AppData\Local\Temp\Quarantine.exe
C:\Users\Jack\AppData\Local\Temp\sqlite3.dll
C:\Users\Jack\AppData\Local\Temp\StrongHelper.exe
C:\Windows\System32\igd10umd32.dll
C:\Windows\System32\igdumd32.dll
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:84098FD3

EmptyTemp:
CMD: ipconfig /flushdns

*****************

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-489198973-519768537-2425427861-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCR\PROTOCOLS\Handler\WSISAllmytubechrome" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dogdoihocdkadpalbghcpfafbojcfofa" => Key deleted successfully.
Capsax64Drv0 => Service deleted successfully.
CSN5PDTS82 => Service deleted successfully.
CSN5PDTS82x64 => Service deleted successfully.
CsNdisLWF => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
vmci => Unable to stop service
vmci => Service deleted successfully.
VMnetAdapter => Unable to stop service
VMnetAdapter => Service deleted successfully.
"C:\Users\Jack\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpiy9u.dll" => File/Directory not found.
"C:\Users\Jack\AppData\Local\Temp\jre-8u31-windows-au.exe" => File/Directory not found.
"C:\Users\Jack\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Jack\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"C:\Users\Jack\AppData\Local\Temp\StrongHelper.exe" => File/Directory not found.
C:\Windows\System32\igd10umd32.dll => Moved successfully.
C:\Windows\System32\igdumd32.dll => Moved successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":84098FD3" ADS removed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 343.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:51:09 ====
auto1671
Active Member
 
Posts: 10
Joined: June 7th, 2014, 12:02 pm
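
The fixlist above removed three kinds of leftovers: driver services whose .sys file is gone (the entries FRST marks "[X]"), two alternate data streams on C:\ProgramData\TEMP, and Internet Explorer policy keys in the .DEFAULT and user hives. The Fixlog reports each as deleted, but it is worth re-checking the live system after the reboot, because a driver entry that comes back at next boot is exactly the kind of persistence a RAT question is about. The script below is an added example written for this thread, not code from the original posts or from FRST; it assumes PowerShell 3.0 or later running in a 64-bit, elevated session, and the paths and key names it looks at are the ones shown in the log.

```powershell
# Added example (not from the thread, not FRST's own code): re-check the three
# artifact classes the fixlist targeted so the Fixlog's "deleted successfully"
# lines can be confirmed against the live system.
# Assumes PowerShell 3.0+ (Get-Item -Stream, [pscustomobject], -notin) in an
# elevated 64-bit prompt, so System32 is not redirected to SysWOW64.

# 1. Kernel / file-system driver services whose binary is missing on disk.
#    FRST lists these as e.g. "S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]".
function Get-OrphanedDriverServices {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $svc = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        # Type 1 = kernel driver, 2 = file-system driver. Ordinary services are
        # skipped because their ImagePath can carry quotes and arguments.
        if ((-not $svc) -or (-not $svc.ImagePath) -or ($svc.Type -notin 1, 2)) { return }

        # Normalise the forms seen in the log: "System32\Drivers\x.sys",
        # "\SystemRoot\system32\DRIVERS\x.sys" and "\??\C:\path\x.sys".
        $path = $svc.ImagePath -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }

        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            [pscustomobject]@{
                Service   = $_.PSChildName
                Start     = $svc.Start      # 0 boot, 1 system, 2 auto, 3 on demand (FRST's S1/S3)
                ImagePath = $svc.ImagePath
            }
        }
    }
}

# 2. Alternate data streams on the entries directly under C:\ProgramData.
#    The log showed two on the TEMP folder ("C:\ProgramData\TEMP:5C321E34").
#    Zone.Identifier (mark-of-the-web) is normal on downloaded files and is left out.
function Get-ProgramDataAds {
    param([string]$Root = 'C:\ProgramData')
    Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
        Select-Object FileName, Stream, Length
    }
}

# 3. Internet Explorer policy keys in every loaded hive under HKEY_USERS, which
#    FRST reports as "Policy restriction <======= ATTENTION". Domain group policy
#    legitimately writes the same keys, so a hit is something to look at, not a verdict.
function Get-IePolicyKeys {
    Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hive = $_.PSChildName   # ".DEFAULT", "S-1-5-19", "S-1-5-21-...-1000", ...
        $key  = "Registry::HKEY_USERS\$hive\SOFTWARE\Policies\Microsoft\Internet Explorer"
        if (-not (Test-Path -LiteralPath $key)) { return }
        $keys = @(Get-Item -LiteralPath $key) +
                @(Get-ChildItem -LiteralPath $key -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            [pscustomobject]@{
                Hive   = $hive
                Key    = $k.Name
                Values = ($k.GetValueNames() -join ', ')
            }
        }
    }
}

'== Driver services whose binary is missing =='
Get-OrphanedDriverServices | Format-Table -AutoSize
'== Alternate data streams under C:\ProgramData =='
Get-ProgramDataAds | Format-Table -AutoSize
'== Internet Explorer policy keys per user hive =='
Get-IePolicyKeys | Format-Table -AutoSize
```

After a successful fix and reboot all three sections should be empty. A driver entry reappearing in the first section means something re-registered it, which is the point at which the "is there a RAT" question becomes worth pursuing rather than dismissing; a hit in the third section should be compared against group policy before it is deleted, since legitimate policy uses the same keys.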

Re: Possibly Infected - Personally Identifiable Info Exposed.

Unread postby auto1671 » February 2nd, 2015, 2:55 pm

msert.log:

Nothing suspicious found. I performed a quick scan. I can do a full scan if you prefer.


Update on computer's performance:


Computer's performance is still much the same as it was before.
auto1671
Active Member
 
Posts: 10
Joined: June 7th, 2014, 12:02 pm

Re: Possibly Infected - Personally Identifiable Info Exposed.

Unread postby Cypher » February 3rd, 2015, 6:46 am

Hi,
Your computer appears to be clean, so you should be good to go.
Let's tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes then click on Run.

    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Possibly Infected - Personally Identifiable Info Exposed.

Unread postby auto1671 » February 3rd, 2015, 12:22 pm

Hi, I have seen this reply and done as instructed. It turned out that the reason someone was able to get my information is that they had at some point managed to hack into the host database of another forum I was registered on.

However thank you for your help, time and the recommendations. Very much appreciated. :)
auto1671
Active Member
 
Posts: 10
Joined: June 7th, 2014, 12:02 pm

Re: Possibly Infected - Personally Identifiable Info Exposed.

Unread postby Cypher » February 3rd, 2015, 12:51 pm

Hi,
thank you for your help, time and the recommendations.

You're welcome.
It turned out that the reason someone was able to get my information is that they had at some point managed to hack into the host database of another forum I was registered on.
As I said, your computer appears to be clean, so that would explain how your personal information was accessed.
You should change your passwords for any other sites you're registered at, just to be safe.
As you have no questions, I will close this topic. Good luck.


As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns