Malware installing Extensions in FireFox

This is a discussion on Malware installing Extensions in FireFox within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 05-15-2015, 07:07 AM   #1
TSF Enthusiast
KoLAddict
Join Date: Jul 2006
Location: Rockford, IL
Posts: 622
OS: Windows 7 32-bit

I was re-directed here by an admin from the Mozilla/Firefox Browsers support forum.

My FireFox randomly installs extensions onto itself. It'll even close and restart to start up a new extension if it's added. They're never officially supported extensions, they're always ones that cause pop ups. My Microsoft Essentials and AVG scans have never turned up any issues, and while I do keep changing my passwords when it happens, I've never noticed any issues. Any help would be much appreciated, it's driving me insane, not to mention making me worried about computer security. Formatting my PC is an option, but a last resort.

Thanks in advance for any help given. Below is my DDS scan, and the Attach file is attached as requested.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17267 BrowserJavaVersion: 11.40.2
Run by KlownKefka at 9:02:39 on 2015-05-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5855 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\KlownKefka\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}\teen seduce.exe
C:\Users\KlownKefka\AppData\Local\Apps\2.0\BTEA6YWM.PX0\HQVJJ8EO.6MZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://searchy.easylifeapp.com/
mStart Page = hxxp://searchy.easylifeapp.com/
mWinlogon: Userinit = userinit.exe
BHO: Fiun2SavE: {4302bf62-7c57-403b-bf78-e16de082763c} - C:\Program Files (x86)\Fiun2SavE\fuxCIesdxhsCA4.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Amazon Music] "C:\Users\KlownKefka\AppData\Local\Amazon Music\Amazon Music Helper.exe"
uRun: [GalaxyClient] C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\KlownKefka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\KLOWNK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TEENSE~1.LNK - C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}\teen seduce.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0784B62F-3DE6-4272-8FA2-1B6B95421FB1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{958E6B69-9261-4586-B5A7-D2FB52FE0BA6} : DHCPNameServer = 192.168.0.1
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://searchy.easylifeapp.com/
x64-BHO: Fiun2SavE: {4302bf62-7c57-403b-bf78-e16de082763c} - C:\Program Files (x86)\Fiun2SavE\fuxCIesdxhsCA4.x64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KlownKefka\AppData\Roaming\Mozilla\Firefox\Profiles\uyzapdgp.default-1429546533444\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\KlownKefka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R1 ArcCtrl;ArcCtrl;C:\Windows\System32\drivers\ArcCtrl.sys [2015-1-5 604192]
R2 4261c3f1;IncrementGeneration;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 43641ff3;BocaFoobar;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-8-14 43624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-20 59648]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-6-3 173792]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 124560]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-10-8 166912]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\System32\drivers\WMP54Gv41x64.sys [2010-4-7 446304]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2013-10-23 75048]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-10-19 484592]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-6-25 131912]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-6-21 48488]
S3 GalaxyClientService;GalaxyClientService;C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [2015-5-7 1764408]
S3 GalaxyCommunication;GalaxyCommunication;C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2015-5-7 6544952]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-12-17 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-9-25 36928]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2013-6-29 1931632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-21 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-23 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-21 1255736]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-05-14 14:51:22 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4AB52940-9F81-422E-8B23-912E4220B6B9}\offreg.dll
2015-05-14 14:49:58 12032440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4AB52940-9F81-422E-8B23-912E4220B6B9}\mpengine.dll
2015-05-13 12:50:16 12032440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-12 14:39:12 -------- d-----w- C:\Program Files (x86)\NewSuaver
2015-05-12 14:38:54 -------- d-----w- C:\Program Files (x86)\Fiun2SavE
2015-05-11 07:24:54 -------- d-----w- C:\Users\KlownKefka\AppData\Roaming\GOG
2015-05-11 02:54:54 -------- d-----w- C:\Users\KlownKefka\AppData\Roaming\Sierra
2015-05-11 02:04:44 -------- d-----w- C:\Users\KlownKefka\AppData\Roaming\Ascaron Entertainment
2015-05-11 00:27:35 179200 ----a-w- C:\Windows\SysWow64\rsx.dll
2015-05-11 00:27:35 11776 ----a-w- C:\Windows\SysWow64\aaudio.dll
2015-05-07 12:54:24 -------- d-----w- C:\ProgramData\GOG.com
2015-05-07 12:54:24 -------- d-----w- C:\Program Files (x86)\GalaxyClient
2015-05-02 13:37:28 -------- d-----w- C:\Program Files (x86)\Blank Canvas Signatures for Gmail
2015-05-02 13:37:05 -------- d-----w- C:\Program Files (x86)\AllSaaver
2015-05-02 13:36:35 -------- d-----w- C:\Program Files (x86)\DigiiSaver
2015-05-02 13:36:07 -------- d-----w- C:\Program Files (x86)\REguullarDDealesa
2015-05-01 18:10:42 229608 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2015-05-01 13:29:53 939520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\dbghelp.dll
2015-04-29 13:27:48 -------- d-----w- C:\ProgramData\Supreme AdBlocker
2015-04-24 15:09:50 -------- d-----w- C:\Program Files (x86)\IncrementGeneration
2015-04-24 15:08:49 -------- d-----w- C:\Program Files (x86)\Online 8 Ball Pool Multiplayer
2015-04-24 15:08:30 -------- d-----w- C:\Program Files (x86)\bestadblocker
2015-04-24 15:08:19 -------- d-----w- C:\Program Files (x86)\UniDeals
2015-04-23 17:45:33 -------- d-----w- C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}
2015-04-23 13:41:24 -------- d-----w- C:\Users\KlownKefka\AppData\Local\openvr
.
==================== Find3M ====================
.
2015-05-11 06:58:55 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2015-05-11 06:58:55 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2015-05-11 06:58:55 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2015-05-11 06:58:55 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2015-04-15 12:41:20 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 12:41:20 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 12:41:08 18178736 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-03-07 13:53:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 0520 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-26 03:25:44 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-02-23 10:52:04 2237952 ----a-w- C:\Windows\System32\wininet.dll
2015-02-23 10:51:56 600576 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-23 10:50:40 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-23 10:50:34 67072 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-23 10:50:34 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2015-02-23 10:49:36 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-23 09:17:52 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-23 08:51:29 441856 ----a-w- C:\Windows\System32\html.iec
2015-02-23 08:25:10 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2015-02-21 05:31:25 1763328 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-21 05:31:19 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-21 05:30:16 2864640 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-21 05:30:11 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-21 05:30:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2015-02-21 05:29:25 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-21 05:09:51 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-21 04:42:37 361984 ----a-w- C:\Windows\SysWow64\html.iec
2015-02-21 04:19:22 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-02-20 04:40:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-02-20 04:13:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-02-20 04:12:51 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-02-20 03:29:16 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-02-20 03:09:16 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-02-17 21:04:46 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
.
============= FINISH: 9:02:54.00 ===============
Attached Files
File Type: txt attach.txt (19.6 KB, 693 views)
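The DDS log above already contains the clues a reviewer uses to separate the adware from the legitimate software: two services with random eight-character hex names whose image is plain rundll32.exe, a startup item launched from a GUID-named folder under C:\ProgramData, a BHO loaded from a Program Files folder that was only created in the last 30 days, a hijacked start page, and UAC policies set so administrators are elevated without a prompt. The script below is an added example for this thread, not a tool the forum's helpers use; the heuristics are mine, and the sample input is a subset of the DDS lines posted above, embedded so that it runs offline. It cross-references the "Created Last 30" section with the browser-hook entries, which is how the Fiun2SavE BHO stands out while the Canon toolbar does not.

```python
"""Triage pass over DDS log lines: surface the entries a reviewer looks at first.

Added example for this thread, not a tool the forum's helpers use. The
heuristics are my own; the sample lines are a subset of the DDS log posted
above, embedded here so the script runs offline.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail")

# Subset of the DDS output posted in the thread (constructed sample input).
SAMPLE_LOG = r"""
uStart Page = hxxp://searchy.easylifeapp.com/
BHO: Fiun2SavE: {4302bf62-7c57-403b-bf78-e16de082763c} - C:\Program Files (x86)\Fiun2SavE\fuxCIesdxhsCA4.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
StartupFolder: C:\Users\KLOWNK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TEENSE~1.LNK - C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}\teen seduce.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R2 4261c3f1;IncrementGeneration;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 43641ff3;BocaFoobar;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
2015-05-12 14:38:54 -------- d-----w- C:\Program Files (x86)\Fiun2SavE
2015-05-02 13:37:05 -------- d-----w- C:\Program Files (x86)\AllSaaver
"""

# "R2 name;display name;image path [date size]" service/driver lines
SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[")
# Browser hooks (BHO / explorer bar / toolbar) ending in the DLL they load
HOOK_RE = re.compile(r"^(?:x64-)?(?:BHO|EB|TB): .*? - (?P<path>[A-Za-z]:\\.+?\.dll)\s*$")
# "Created Last 30" directory lines
CREATED_DIR_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} -+ d-----w- (?P<dir>.+?)\s*$")
AUTOSTART_RE = re.compile(r"^(?:StartupFolder|(?:x64-|u|m)?Run):")
GUID_PROGRAMDATA_RE = re.compile(r"\\ProgramData\\\{[0-9a-fA-F-]{36}\}\\", re.IGNORECASE)
# UAC weakened: admins elevate silently, or prompts leave the secure desktop
UAC_OFF_RE = re.compile(r"^[um]Policies-System: (?P<key>ConsentPromptBehaviorAdmin|PromptOnSecureDesktop) = dword:0$")
START_PAGE_RE = re.compile(r"^(?:x64-)?[um]Start Page = hxxps?://(?P<host>[^/\s]+)")
RANDOM_HEX_RE = re.compile(r"^[0-9a-f]{8}$")


def recent_dirs(lines):
    """Directories listed as created in the last 30 days."""
    return [m.group("dir") for m in map(CREATED_DIR_RE.match, lines) if m]


def triage(log_text):
    """Return Findings, in log order, for the entries worth a closer look."""
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]
    new_dirs = recent_dirs(lines)
    findings = []
    for ln in lines:
        m = START_PAGE_RE.match(ln)
        if m:
            findings.append(Finding("start_page", m.group("host")))
            continue
        m = UAC_OFF_RE.match(ln)
        if m:
            findings.append(Finding("uac_weakened", m.group("key")))
            continue
        m = SERVICE_RE.match(ln)
        if m:
            # A service whose image is rundll32.exe hides its real payload (a DLL
            # passed on the command line); a random hex name makes it worse.
            if m.group("path").lower().endswith("\\rundll32.exe"):
                tag = " (random-looking name)" if RANDOM_HEX_RE.match(m.group("name")) else ""
                findings.append(Finding("rundll32_service",
                                        f'{m.group("name")} "{m.group("display")}"{tag}'))
            continue
        m = HOOK_RE.match(ln)
        if m:
            # Browser hook loaded from a folder that only appeared recently
            for d in new_dirs:
                if m.group("path").lower().startswith(d.lower() + "\\"):
                    findings.append(Finding("recent_hook", m.group("path")))
                    break
            continue
        if AUTOSTART_RE.match(ln) and GUID_PROGRAMDATA_RE.search(ln):
            findings.append(Finding("guid_autostart", ln.split(" - ")[-1]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.detail}")
```

Run against the full DDS log, the same rules pick out exactly the entries the helper later puts into the fixlist (the rundll32-hosted services, the ProgramData GUID folder, the freshly created adware folders), while the vendor-signed Apple, AMD and Canon entries produce no findings.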
Old 05-18-2015, 12:32 AM   #2
Security Team Analyst
tekir06
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello KoLAddict,

I am currently reviewing your logs and I will be back with further instructions as soon as possible.
Old 05-18-2015, 12:43 AM   #3
TSF Enthusiast
KoLAddict

Thanks very much tekir06. I really appreciate it!
Old 05-18-2015, 06:14 AM   #4
Security Team Analyst
tekir06

Hello KoLAddict,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

=======================================================

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.1.6.1022.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

=====================================================

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
Old 05-18-2015, 11:32 PM   #5
TSF Enthusiast
KoLAddict

Just ran it. Thanks, that cleaned up a few things. It said it cleaned up a ton of stuff, but the Scan Log when I looked at it only listed a few. I have it attached.

Thanks again for the help!
Attached Files
File Type: txt ScanLog.txt (1.7 KB, 20 views)
Old 05-19-2015, 03:16 AM   #6
Security Team Analyst
tekir06

Hello KoLAddict,

You're welcome. Thanks for the log.

Let's move on.

Please do the following instructions.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Old 05-19-2015, 04:05 AM   #7
TSF Enthusiast
KoLAddict

Program ran, here's both files.

Thanks a ton!
Attached Files
File Type: txt Addition.txt (128.8 KB, 27 views)
File Type: txt FRST.txt (50.2 KB, 24 views)
Old 05-19-2015, 11:33 PM   #8
Security Team Analyst
tekir06

Hello again,

Please do the following instructions and tell me how the machine is behaving now. What problems do you still have?

STEP 1

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if they still exist:

AllSaaver
bestadblocker
BocaFoobar
DigiiSaver
GalaxyUpgrader
GOSavie
Pirates!
Pirates! GOLD
SOOftCouP


Also delete the following folders if they still exist:

C:\Program Files (x86)\NewSuaver
C:\Program Files (x86)\REguullarDDealesa
C:\Program Files (x86)\IncrementGeneration
C:\Program Files (x86)\BocaFoobar
C:\Program Files (x86)\dowNloaDitkEep
C:\Program Files (x86)\tpErffecctcouponi
C:\Program Files (x86)\savinnsshop


=======================================================

STEP 2

You appear to have a Developer's build of Chrome installed. Most typical users do not have this build installed.

Why this is not safe:
https://support.google.com/chrome/an...ons&rd=1&hl=en


Launch Chrome:

Open the Settings Menu in Chrome (upper right hand corner of the browser)
Click the Advanced Sync Settings button
Change the drop down from Sync Everything to Choose what to sync
Uncheck Settings, then click OK

Next, click Start>Control Panel>Programs and features to uninstall Chrome.

When Chrome asks if you want to delete all data, you must place a check in the box.

Then re-install Chrome.

========================================================

STEP 3

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
Startup: C:\Users\KlownKefka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\teen seduce.lnk [2015-04-23]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-2095355427-1473592897-4083276186-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2015-05-12 09:39 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\NewSuaver
2015-05-02 08:36 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\REguullarDDealesa
2015-04-24 10:09 - 2015-05-18 15:04 - 00000000 ____D () C:\Program Files (x86)\IncrementGeneration
2015-04-23 12:45 - 2015-05-18 15:04 - 00000000 ____D () C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}
2015-05-18 15:04 - 2015-04-07 10:55 - 00000000 ____D () C:\Program Files (x86)\BocaFoobar
2015-05-18 14:44 - 2015-04-09 07:53 - 00000000 ____D () C:\Program Files (x86)\dowNloaDitkEep
2015-05-18 14:44 - 2014-10-01 11:55 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2015-05-18 14:44 - 2014-09-22 22:26 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\31340
2015-05-18 14:44 - 2014-04-28 08:53 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\41
2015-05-16 11:49 - 2015-01-18 09:08 - 00000000 ____D () C:\Windows\1
2015-05-12 09:38 - 2015-04-03 08:13 - 00000000 ____D () C:\Program Files (x86)\tpErffecctcouponi
2015-05-12 09:38 - 2015-04-03 08:12 - 00000000 ____D () C:\Program Files (x86)\savinnsshop
C:\Users\KlownKefka\AppData\Local\Temp\setacl.exe
end
Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
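A fixlist is a script in its own right, and the warning above (it is written for one machine and can damage another) is exactly why it is worth previewing what such a file names before handing it to FRST. The script below is an added example for this thread; it is not part of FRST and does not perform the fix, it only classifies each line. The line categories are inferred from the fixlist posted above (start/end markers, a bare "CreateRestorePoint:" directive, directory lines copied from FRST.txt, bare file paths, and "Category: details" entries, some carrying the scanner's ATTENTION flag); the list of protected roots that a fixlist should never name outright is my own assumption. The fixlist from the post is embedded as the sample input.

```python
"""Preview what an FRST fixlist names before handing it to the tool.

Added example for this thread; not part of FRST and it does not run the
fix, it only classifies lines. Categories follow what is visible in the
fixlist posted above; PROTECTED_ROOTS is my own assumption.
"""
import re

# Directory line exactly as copied from FRST.txt into a fixlist
DIR_LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} ____D \(\) (?P<path>.+?)\s*$")
PATH_LINE_RE = re.compile(r"^[A-Za-z]:\\.+$")               # bare file or folder path
ENTRY_RE = re.compile(r"^(?P<cat>[^:]+?):\s+(?P<rest>.*)$")  # "Category: details"
ATTENTION = "<======= ATTENTION"
# Roots that should never appear as a whole path in a fixlist (assumption).
PROTECTED_ROOTS = {"c:", r"c:\windows", r"c:\program files",
                   r"c:\program files (x86)", r"c:\users", r"c:\programdata"}

# The fixlist from the post above, embedded as sample input.
SAMPLE_FIXLIST = r"""
start
CreateRestorePoint:
Startup: C:\Users\KlownKefka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\teen seduce.lnk [2015-04-23]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-2095355427-1473592897-4083276186-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2015-05-12 09:39 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\NewSuaver
2015-05-02 08:36 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\REguullarDDealesa
2015-04-24 10:09 - 2015-05-18 15:04 - 00000000 ____D () C:\Program Files (x86)\IncrementGeneration
2015-04-23 12:45 - 2015-05-18 15:04 - 00000000 ____D () C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}
2015-05-18 15:04 - 2015-04-07 10:55 - 00000000 ____D () C:\Program Files (x86)\BocaFoobar
2015-05-18 14:44 - 2015-04-09 07:53 - 00000000 ____D () C:\Program Files (x86)\dowNloaDitkEep
2015-05-18 14:44 - 2014-10-01 11:55 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2015-05-18 14:44 - 2014-09-22 22:26 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\31340
2015-05-18 14:44 - 2014-04-28 08:53 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\41
2015-05-16 11:49 - 2015-01-18 09:08 - 00000000 ____D () C:\Windows\1
2015-05-12 09:38 - 2015-04-03 08:13 - 00000000 ____D () C:\Program Files (x86)\tpErffecctcouponi
2015-05-12 09:38 - 2015-04-03 08:12 - 00000000 ____D () C:\Program Files (x86)\savinnsshop
C:\Users\KlownKefka\AppData\Local\Temp\setacl.exe
end
"""


def _record_path(report, bucket, path):
    report[bucket].append(path)
    if path.rstrip("\\").lower() in PROTECTED_ROOTS:
        report["unsafe"].append(path)


def preview_fixlist(text):
    """Classify every non-empty line; 'unsafe' lists paths that hit a protected root."""
    report = {"markers": [], "directives": [], "entries": [], "directories": [],
              "paths": [], "unsafe": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in ("start", "end"):
            report["markers"].append(line)
            continue
        m = DIR_LINE_RE.match(line)
        if m:
            _record_path(report, "directories", m.group("path"))
            continue
        if PATH_LINE_RE.match(line):
            _record_path(report, "paths", line)
            continue
        if line.endswith(":") and " " not in line:
            report["directives"].append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            report["entries"].append((m.group("cat"), m.group("rest"), ATTENTION in line))
            continue
        report["entries"].append(("?", line, False))  # unrecognised: review by hand
    return report


if __name__ == "__main__":
    rep = preview_fixlist(SAMPLE_FIXLIST)
    for bucket in ("markers", "directives", "directories", "paths", "unsafe"):
        print(f"{bucket:12} {len(rep[bucket])}: {rep[bucket]}")
    for cat, rest, flagged in rep["entries"]:
        print(f"entry{'!' if flagged else ' '} {cat}: {rest}")
```

On the posted fixlist the preview lists twelve directories, one bare file, seven entries (two of them carrying the scanner's ATTENTION flag) and no protected root; a fixlist that named C:\Windows on its own would show up in the unsafe bucket and should be questioned before it is run.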
Old 05-21-2015, 05:06 AM   #9
TSF Enthusiast
KoLAddict

Below I have that posted. First, I want to say, I see it is detecting Chrome, but I am completely unable to detect it anywhere on my computer. I only have Internet Explorer and Firefox installed. Chrome isn't listed in my Add/Remove Programs, CCleaner doesn't list it as an uninstall option, and there isn't a Google or Chrome folder anywhere on my computer for me to delete/remove. I'm not sure why it's detecting Chrome.

EDIT: Everything is running better. Well, it's running as well as it always has, but I haven't had anything force install on me. Usually it was happening every other day or so.

Thanks again for all the help!
-----------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by KlownKefka (administrator) on KLOWNKEFKA-PC on 19-05-2015 05:58:49
Running from C:\Users\KlownKefka\Downloads
Loaded Profiles: KlownKefka (Available profiles: KlownKefka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Users\KlownKefka\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ArcSoft Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Curse) C:\Users\KlownKefka\AppData\Local\Apps\2.0\BTEA6YWM.PX0\HQVJJ8EO.6MZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Turbine, Inc.) C:\Program Files (x86)\Steam\SteamApps\common\Lord of the Rings Online\TurbineLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2095355427-1473592897-4083276186-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-21-2095355427-1473592897-4083276186-1001\...\Run: [Amazon Music] => C:\Users\KlownKefka\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-06-24] ()
HKU\S-1-5-21-2095355427-1473592897-4083276186-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7402040 2015-05-18] (GOG.com)
HKU\S-1-5-21-2095355427-1473592897-4083276186-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe [927920 2015-04-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-2095355427-1473592897-4083276186-1001\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2095355427-1473592897-4083276186-1001\...\MountPoints2: {02795a33-6815-11e3-9afd-e0cb4e7afeb8} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2095355427-1473592897-4083276186-1001\...\MountPoints2: {9a6b6e41-d9e4-11e2-b17f-e0cb4e7afeb8} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2095355427-1473592897-4083276186-1001\...\MountPoints2: {cc321c25-e1a1-11e2-8749-e0cb4e7afeb8} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk [2015-01-05]
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
Startup: C:\Users\KlownKefka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-12-09] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = msn
HKU\S-1-5-21-2095355427-1473592897-4083276186-1001\Software\Microsoft\Internet Explorer\Main,Start Page = msn
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = https://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = https://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2095355427-1473592897-4083276186-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\S-1-5-21-2095355427-1473592897-4083276186-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload2.macromedia.com/ge...sh/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\KlownKefka\AppData\Roaming\Mozilla\Firefox\Profiles\uyzapdgp.default-1429546533444
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-12-10] (Nexon)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2095355427-1473592897-4083276186-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\KlownKefka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\KlownKefka\AppData\Roaming\Mozilla\Firefox\Profiles\uyzapdgp.default-1429546533444\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-12]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\KlownKefka\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [484592 2013-10-19] (BitRaider, LLC)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1744952 2015-05-18] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6517304 2015-05-18] (GOG.com)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-29] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-22] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-07-22] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [604192 2013-03-19] ()
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-10-23] (BitRaider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rt61x64; C:\Windows\System32\DRIVERS\WMP54Gv41x64.sys [446304 2010-04-07] (Ralink Technology, Corp.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 AnyDVD; System32\Drivers\AnyDVD.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 05:58 - 2015-05-19 05:59 - 00014979 _____ () C:\Users\KlownKefka\Downloads\FRST.txt
2015-05-19 05:58 - 2015-05-19 05:58 - 02107392 _____ (Farbar) C:\Users\KlownKefka\Downloads\FRST64.exe
2015-05-19 05:58 - 2015-05-19 05:58 - 00000000 ____D () C:\FRST
2015-05-18 15:21 - 2015-05-18 15:21 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-18 15:21 - 2015-05-18 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-18 15:20 - 2015-05-18 15:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-18 15:20 - 2015-05-18 15:21 - 00000000 ____D () C:\Program Files\iTunes
2015-05-18 15:20 - 2015-05-18 15:20 - 00000000 ____D () C:\Program Files\iPod
2015-05-18 15:20 - 2015-05-18 15:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-18 14:19 - 2015-05-19 05:13 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 14:19 - 2015-05-18 14:19 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-18 14:19 - 2015-05-18 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-18 14:19 - 2015-05-18 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-18 14:19 - 2015-05-18 14:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-18 14:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 14:19 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 14:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 03:29 - 2015-05-18 03:52 - 00008340 _____ () C:\Users\KlownKefka\Desktop\Marco Pattern S1.xlsx
2015-05-15 13:23 - 2015-05-15 13:25 - 00005493 _____ () C:\Windows\IE11_main.log
2015-05-15 13:05 - 2015-05-15 13:05 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-05-15 13:05 - 2015-05-15 13:05 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-05-15 12:56 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 12:56 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 12:52 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-15 12:52 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-15 12:52 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-15 12:52 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-15 12:52 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-15 12:52 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-15 12:52 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-15 12:52 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-15 12:52 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 12:52 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-15 12:52 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-15 12:52 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-15 12:52 - 2015-04-03 22:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-15 12:52 - 2015-04-03 22:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-15 12:52 - 2015-04-03 22:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-15 12:52 - 2015-04-03 22:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-15 12:52 - 2015-04-03 22:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-15 12:52 - 2015-04-03 22:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-15 12:52 - 2015-04-03 22:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-15 12:52 - 2015-04-03 22:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-15 12:52 - 2015-04-03 22:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-15 12:52 - 2015-04-03 22:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-15 12:52 - 2015-04-03 22:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-15 12:52 - 2015-04-03 22:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-15 12:52 - 2015-04-03 22:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-15 12:52 - 2015-04-03 22:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-15 12:52 - 2015-04-03 22:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-15 12:52 - 2015-04-03 22:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-15 12:52 - 2015-04-03 22:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-15 12:52 - 2015-04-03 22:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-15 12:52 - 2015-04-03 22:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-15 12:52 - 2015-04-03 22:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-15 12:52 - 2015-04-03 22:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-15 12:52 - 2015-04-03 22:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-15 12:52 - 2015-04-03 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-15 12:52 - 2015-04-03 22:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-15 12:52 - 2015-04-03 22:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-15 12:52 - 2015-04-03 22:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-15 12:52 - 2015-04-03 22:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-15 12:52 - 2015-04-03 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-15 12:52 - 2015-04-03 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-15 12:52 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-15 12:52 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-15 12:52 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-15 12:52 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-15 12:52 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-15 12:52 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-15 12:52 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-15 12:52 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-15 12:52 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-15 12:52 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-15 12:52 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-15 12:52 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-15 12:52 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-15 12:52 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-15 12:52 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-15 12:52 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-15 12:52 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-15 12:52 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-15 12:52 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-15 12:52 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-15 12:52 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-15 12:52 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-15 12:52 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-15 12:52 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-15 12:52 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-15 12:52 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-15 12:52 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-15 12:52 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-15 12:52 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-15 12:52 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-15 12:52 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-15 12:52 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-15 12:52 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-15 12:52 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-15 12:52 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-15 12:52 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-15 12:52 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-15 12:52 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-15 12:52 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-15 12:52 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-15 12:52 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-15 12:52 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-15 12:52 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-15 12:52 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-15 12:52 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-15 12:52 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-15 12:52 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-15 12:52 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-15 12:52 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-15 12:52 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-15 12:52 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-15 12:52 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-15 12:52 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-15 12:50 - 2015-04-21 09:33 - 14374400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-15 12:50 - 2015-04-21 09:33 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-15 12:50 - 2015-04-21 09:33 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-15 12:50 - 2015-04-21 09:33 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-15 12:50 - 2015-04-21 09:33 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-15 12:50 - 2015-04-21 09:33 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-15 12:50 - 2015-04-21 09:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-15 12:50 - 2015-04-21 09:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-15 12:50 - 2015-04-21 09:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-15 12:50 - 2015-04-21 09:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-15 12:50 - 2015-04-21 09:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-15 12:50 - 2015-04-21 09:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-15 12:50 - 2015-04-21 08:53 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-15 12:50 - 2015-04-21 08:53 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-15 12:50 - 2015-04-21 08:53 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-15 12:50 - 2015-04-21 08:52 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-15 12:50 - 2015-04-21 08:52 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-15 12:50 - 2015-04-21 08:52 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-15 12:50 - 2015-04-21 08:52 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-15 12:50 - 2015-04-21 08:52 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-15 12:50 - 2015-04-21 08:52 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-15 12:50 - 2015-04-17 21:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-15 12:50 - 2015-04-17 21:34 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-15 12:49 - 2015-04-21 09:33 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-15 12:49 - 2015-04-21 09:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-15 12:49 - 2015-04-21 09:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-15 12:49 - 2015-04-21 09:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-15 12:49 - 2015-04-21 09:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-05-15 12:49 - 2015-04-21 09:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-15 12:49 - 2015-04-21 09:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-15 12:49 - 2015-04-21 09:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-15 12:49 - 2015-04-21 08:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-15 12:49 - 2015-04-21 08:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-15 12:49 - 2015-04-21 08:52 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-15 12:49 - 2015-04-21 08:52 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-15 12:49 - 2015-04-21 08:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-15 12:49 - 2015-04-21 08:52 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-15 12:49 - 2015-04-21 08:52 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-15 12:49 - 2015-04-21 08:52 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-15 12:49 - 2015-04-21 08:52 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-15 12:49 - 2015-04-21 08:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-15 12:49 - 2015-04-21 08:52 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-15 12:49 - 2015-04-21 08:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-15 12:49 - 2015-04-17 22:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-15 12:49 - 2015-04-17 21:59 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-15 12:49 - 2015-04-17 21:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-05-15 12:49 - 2015-04-17 21:09 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-15 12:49 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-15 12:49 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-15 12:49 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-12 09:39 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\NewSuaver
2015-05-11 02:52 - 2015-05-11 02:52 - 00000000 ____D () C:\Users\KlownKefka\Documents\atari
2015-05-11 02:24 - 2015-05-11 02:24 - 00000000 ____D () C:\Users\KlownKefka\AppData\Roaming\GOG
2015-05-11 02:19 - 2015-05-11 02:19 - 00000000 ____D () C:\Users\KlownKefka\Documents\Driftmoon
2015-05-11 02:11 - 2015-05-11 02:11 - 00000000 ____D () C:\Users\KlownKefka\Documents\Creatures
2015-05-11 02:08 - 2013-10-08 00:50 - 00000000 _____ () C:\Users\KlownKefka\Documents\corsairs.ini
2015-05-11 02:08 - 2013-06-27 02:27 - 00000007 _____ () C:\Users\KlownKefka\Documents\lang.txt
2015-05-11 01:16 - 2015-05-11 01:16 - 00000000 ____D () C:\Users\KlownKefka\Documents\Spiderweb Software
2015-05-10 21:54 - 2015-05-10 21:54 - 00000000 ____D () C:\Users\KlownKefka\AppData\Roaming\Sierra
2015-05-10 21:04 - 2015-05-10 21:04 - 00000000 ____D () C:\Users\KlownKefka\Documents\Ascaron Entertainment
2015-05-10 21:04 - 2015-05-10 21:04 - 00000000 ____D () C:\Users\KlownKefka\AppData\Roaming\Ascaron Entertainment
2015-05-10 19:27 - 1997-11-12 23:00 - 00179200 _____ (Intel Corporation) C:\Windows\SysWOW64\rsx.dll
2015-05-10 19:27 - 1997-11-12 23:00 - 00011776 _____ (Intel Corporation) C:\Windows\SysWOW64\aaudio.dll
2015-05-10 17:47 - 2015-05-10 17:47 - 00000000 ____D () C:\Users\KlownKefka\Documents\Zafehouse Diaries
2015-05-10 17:46 - 2015-05-11 07:10 - 00092897 _____ () C:\Windows\DirectX.log
2015-05-07 07:54 - 2015-05-07 07:54 - 00001059 _____ () C:\Users\Public\Desktop\GOG Galaxy.lnk
2015-05-07 07:54 - 2015-05-07 07:54 - 00000000 ____D () C:\ProgramData\GOG.com
2015-05-07 07:54 - 2015-05-07 07:54 - 00000000 ____D () C:\Program Files (x86)\GalaxyClient
2015-05-02 08:37 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\Blank Canvas Signatures for Gmail
2015-05-02 08:36 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\REguullarDDealesa
2015-05-01 08:30 - 2015-05-05 13:24 - 00000079 _____ () C:\Program Files (x86)\prefs.js
2015-04-24 10:09 - 2015-05-18 15:04 - 00000000 ____D () C:\Program Files (x86)\IncrementGeneration
2015-04-24 10:08 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\Online 8 Ball Pool Multiplayer
2015-04-23 12:45 - 2015-05-18 15:04 - 00000000 ____D () C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}
2015-04-23 08:41 - 2015-04-23 08:41 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\openvr
2015-04-22 08:12 - 2015-05-18 15:05 - 00324136 _____ () C:\Windows\PFRO.log
2015-04-20 13:28 - 2015-05-18 15:06 - 00003180 _____ () C:\Windows\setupact.log
2015-04-20 13:28 - 2015-04-20 13:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-20 11:17 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 11:17 - 2015-05-07 07:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-20 11:17 - 2015-04-20 11:17 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-20 11:17 - 2015-04-20 11:17 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 05:41 - 2013-06-20 14:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-18 15:20 - 2013-06-22 03:39 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-18 15:16 - 2009-07-13 23:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-18 15:16 - 2009-07-13 23:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-18 15:12 - 2013-06-20 13:38 - 01241992 _____ () C:\Windows\WindowsUpdate.log
2015-05-18 15:09 - 2013-12-09 13:30 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\Deployment
2015-05-18 15:09 - 2013-06-20 14:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-18 15:07 - 2013-06-20 16:30 - 00000000 ____D () C:\Windows\Panther
2015-05-18 15:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-18 15:06 - 2009-07-13 23:45 - 00285352 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 15:05 - 2013-06-21 07:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-18 15:05 - 2013-06-21 07:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 15:04 - 2015-04-07 10:55 - 00000000 ____D () C:\Program Files (x86)\BocaFoobar
2015-05-18 15:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-05-18 15:02 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-18 15:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-18 14:51 - 2013-10-25 09:17 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\Battle.net
2015-05-18 14:44 - 2015-04-09 07:53 - 00000000 ____D () C:\Program Files (x86)\Play Car Racing Games Online
2015-05-18 14:44 - 2015-04-09 07:53 - 00000000 ____D () C:\Program Files (x86)\dowNloaDitkEep
2015-05-18 14:44 - 2014-10-01 11:55 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2015-05-18 14:44 - 2014-09-22 22:26 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\31340
2015-05-18 14:44 - 2014-04-28 08:53 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\41
2015-05-18 04:11 - 2013-06-21 09:31 - 00000000 ____D () C:\Users\KlownKefka\AppData\Roaming\vlc
2015-05-17 12:25 - 2014-12-29 03:58 - 00003835 _____ () C:\Users\KlownKefka\Desktop\On Season 5 Episode 2.txt
2015-05-16 11:49 - 2015-01-18 09:08 - 00000000 ____D () C:\Windows\1
2015-05-15 13:23 - 2013-06-21 07:15 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-15 13:23 - 2013-06-21 07:15 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-15 13:23 - 2013-06-21 07:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-15 13:23 - 2013-06-21 07:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-15 13:22 - 2013-08-02 10:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 13:21 - 2013-07-16 08:39 - 00789056 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-15 13:20 - 2009-07-14 00:13 - 00789056 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 13:19 - 2013-10-19 15:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-15 12:56 - 2013-06-21 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 12:06 - 2013-10-25 09:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-15 11:50 - 2013-12-27 03:50 - 00000000 ____D () C:\GOG Games
2015-05-15 11:50 - 2013-07-02 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-05-15 11:50 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-14 10:41 - 2014-01-29 09:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 09:39 - 2015-02-23 01:35 - 00000000 ____D () C:\ProgramData\2463925877232163047
2015-05-12 09:38 - 2015-04-03 08:13 - 00000000 ____D () C:\Program Files (x86)\tpErffecctcouponi
2015-05-12 09:38 - 2015-04-03 08:12 - 00000000 ____D () C:\Program Files (x86)\savinnsshop
2015-05-12 00:58 - 2009-07-14 00:08 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-11 07:31 - 2014-12-03 10:28 - 00000000 ____D () C:\Users\KlownKefka\Desktop\SpeedRuns
2015-05-11 07:31 - 2013-06-20 15:12 - 00063200 _____ () C:\Users\KlownKefka\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-11 01:58 - 2013-07-24 01:00 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-05-11 01:58 - 2013-07-24 01:00 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-05-11 01:58 - 2013-07-24 01:00 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-05-11 01:58 - 2013-07-24 01:00 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-05-08 09:01 - 2013-06-29 08:10 - 00000000 ____D () C:\ProgramData\Origin
2015-05-07 07:55 - 2013-08-03 13:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-05 06:43 - 2013-11-03 03:32 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\Turbine
2015-04-30 10:07 - 2013-06-20 14:09 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-29 08:31 - 2013-06-29 08:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-20 11:09 - 2013-06-20 16:21 - 00000000 ____D () C:\Users\KlownKefka\AppData\Roaming\Azureus
2015-04-20 11:08 - 2013-07-09 12:42 - 00000000 ____D () C:\Windows\Minidump

==================== Files in the root of some directories =======

2015-05-01 08:30 - 2015-05-05 13:24 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2013-11-03 03:32 - 2013-11-03 03:32 - 0000098 _____ () C:\Users\KlownKefka\AppData\Local\fusioncache.dat
2015-01-05 09:30 - 2015-01-05 09:48 - 0000040 ___SH () C:\ProgramData\.zreglib

Some content of TEMP:
====================
C:\Users\KlownKefka\AppData\Local\Temp\setacl.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-15 12:45

==================== End Of Log ============================
KoLAddict is offline  
Old 05-21-2015, 05:46 AM   #10
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again.

I didn't ask you to run FRST. Did you follow the instructions in my last post? If you did, send the Fixlog.txt. If you didn't, please read my post #8 again. You need to follow the instructions I wrote there.
__________________
tekir06 is offline  
Old 05-21-2015, 11:19 AM   #11
TSF Enthusiast
 
KoLAddict's Avatar
 
Join Date: Jul 2006
Location: Rockford, IL
Posts: 622
OS: Windows 7 32-bit



Sorry, I read it but accidentally posted the wrong text. Here's the right one:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by KlownKefka at 2015-05-20 10:53:40 Run:1
Running from C:\Users\KlownKefka\Downloads
Loaded Profiles: KlownKefka (Available profiles: KlownKefka)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
Startup: C:\Users\KlownKefka\AppData\Roaming\Microsoft\Windows\Start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-2095355427-1473592897-4083276186-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2015-05-12 09:39 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\NewSuaver
2015-05-02 08:36 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\REguullarDDealesa
2015-04-24 10:09 - 2015-05-18 15:04 - 00000000 ____D () C:\Program Files (x86)\IncrementGeneration
2015-04-23 12:45 - 2015-05-18 15:04 - 00000000 ____D () C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}
2015-05-18 15:04 - 2015-04-07 10:55 - 00000000 ____D () C:\Program Files (x86)\BocaFoobar
2015-05-18 14:44 - 2015-04-09 07:53 - 00000000 ____D () C:\Program Files (x86)\dowNloaDitkEep
2015-05-18 14:44 - 2014-10-01 11:55 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2015-05-18 14:44 - 2014-09-22 22:26 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\31340
2015-05-18 14:44 - 2014-04-28 08:53 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\41
2015-05-16 11:49 - 2015-01-18 09:08 - 00000000 ____D () C:\Windows\1
2015-05-12 09:38 - 2015-04-03 08:13 - 00000000 ____D () C:\Program Files (x86)\tpErffecctcouponi
2015-05-12 09:38 - 2015-04-03 08:12 - 00000000 ____D () C:\Program Files (x86)\savinnsshop
C:\Users\KlownKefka\AppData\Local\Temp\setacl.exe
end
*****************

Restore point was successfully created.
C:\Users\KlownKefka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\teen seduce.lnk => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKU\S-1-5-21-2095355427-1473592897-4083276186-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key deleted successfully.
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"C:\Program Files (x86)\NewSuaver" => File/Directory not found.
"C:\Program Files (x86)\REguullarDDealesa" => File/Directory not found.
"C:\Program Files (x86)\IncrementGeneration" => File/Directory not found.
C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437} => Moved successfully.
"C:\Program Files (x86)\BocaFoobar" => File/Directory not found.
"C:\Program Files (x86)\dowNloaDitkEep" => File/Directory not found.
C:\ProgramData\Trusted Publisher => Moved successfully.
C:\Users\KlownKefka\AppData\Local\31340 => Moved successfully.
C:\Users\KlownKefka\AppData\Local\41 => Moved successfully.
C:\Windows\1 => Moved successfully.
"C:\Program Files (x86)\tpErffecctcouponi" => File/Directory not found.
"C:\Program Files (x86)\savinnsshop" => File/Directory not found.
C:\Users\KlownKefka\AppData\Local\Temp\setacl.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog 10:54:06 ====
KoLAddict is offline  
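The FRST listing above and the fixlist built from it were picked out by eye. As an added example that is not part of this thread and not FRST code, the Python below writes down a few of the rules a helper applies while reading such a log (digit-only folder names, GUID-named folders directly under ProgramData, random-looking capitalisation, doubled letters) and, separately, groups entries by the minute they were last touched. The sample lines are copied from the log posted above; the rules are this example's own assumptions about what deserves a second look, not the analyst's method. In the posted log the 2015-05-18 14:44 group holds the adware folders alongside C:\Program Files (x86)\Mozilla Firefox, while names such as NewSuaver and BocaFoobar trip none of the name rules, which is why the timestamp grouping is there and why the whole list still has to be read.

```python
"""Triage heuristics for FRST "Created / Modified Files and Folders" lines.
Added example for this thread; neither FRST code nor the analyst's method.
Sample lines are copied from the log posted above; the rules are this
example's assumptions about what deserves a second look.
"""
import re
from collections import defaultdict

# "<time> - <time> - <size> <attrs> (<company>) <path>". The Created section
# puts creation time first, the Modified section puts modification time
# first, so both are kept and the newer one is used for grouping.
FRST_LINE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.+)$"
)
GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
DOUBLED = re.compile(r"([a-z])\1")

def parse_frst_line(line):
    """Split one FRST file/folder line into a dict; raise on anything else."""
    m = FRST_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not an FRST file line: {line!r}")
    e = m.groupdict()
    parent, _, e["name"] = e["path"].rpartition("\\")
    e["parent"] = parent.lower()
    e["last_touched"] = max(e["first"], e["second"])  # ISO text sorts as time
    return e

def name_reasons(entry):
    """Heuristic rules a name trips; an empty list means nothing looked odd."""
    name = entry["name"]
    reasons = []
    if name.isdigit():
        reasons.append("digits-only name")
    if GUID_NAME.match(name) and entry["parent"] == r"c:\programdata":
        reasons.append("GUID-named folder directly under ProgramData")
    # Capitals that follow a lower-case letter: real CamelCase rarely has
    # three of them (dowNloaDitkEep) or starts lower-case (tpErffecctcouponi).
    humps = sum(1 for i in range(1, len(name))
                if name[i].isupper() and name[i - 1].islower())
    if humps >= 3 or (name[:1].islower() and humps):
        reasons.append("irregular capitalisation")
    # Two doubled letters inside one word (REguullarDDealesa, savinnsshop).
    if any(len(DOUBLED.findall(tok)) >= 2
           for tok in re.split(r"[\s._-]+", name.lower())):
        reasons.append("repeated doubled letters")
    return reasons

def triage(lines):
    """Return (path, reasons) for each publisher-less entry that trips a rule."""
    flagged = []
    for line in lines:
        e = parse_frst_line(line)
        if e["company"]:  # version info names a publisher; out of scope here
            continue
        reasons = name_reasons(e)
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged

def cluster_by_touch_time(lines, min_size=3):
    """Group paths by newest timestamp: unrelated folders all touched in the
    same minute usually means one process (installer, updater) did it."""
    groups = defaultdict(list)
    for line in lines:
        e = parse_frst_line(line)
        groups[e["last_touched"]].append(e["path"])
    return {t: p for t, p in groups.items() if len(p) >= min_size}

# Sample input: lines copied from the FRST log posted in this thread.
SAMPLE = r"""
2015-05-12 09:39 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\NewSuaver
2015-05-02 08:36 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\REguullarDDealesa
2015-04-24 10:09 - 2015-05-18 15:04 - 00000000 ____D () C:\Program Files (x86)\IncrementGeneration
2015-04-24 10:08 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\Online 8 Ball Pool Multiplayer
2015-04-23 12:45 - 2015-05-18 15:04 - 00000000 ____D () C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}
2015-04-20 11:17 - 2015-05-18 14:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 15:04 - 2015-04-07 10:55 - 00000000 ____D () C:\Program Files (x86)\BocaFoobar
2015-05-18 14:44 - 2015-04-09 07:53 - 00000000 ____D () C:\Program Files (x86)\dowNloaDitkEep
2015-05-18 14:44 - 2014-10-01 11:55 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2015-05-18 14:44 - 2014-09-22 22:26 - 00000000 ____D () C:\Users\KlownKefka\AppData\Local\31340
2015-05-12 09:38 - 2015-04-03 08:13 - 00000000 ____D () C:\Program Files (x86)\tpErffecctcouponi
2015-05-12 09:38 - 2015-04-03 08:12 - 00000000 ____D () C:\Program Files (x86)\savinnsshop
2015-05-15 13:21 - 2013-07-16 08:39 - 00789056 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-15 12:52 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
""".strip().splitlines()

if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(f"{path}\n    {', '.join(why)}")
    for when, paths in sorted(cluster_by_touch_time(SAMPLE).items()):
        print(f"\n{when}: {len(paths)} entries touched in the same minute")
        print("\n".join("    " + p for p in paths))
```

To run it over a saved FRST.txt, pass only the dated lines of the two "Files and Folders" sections to triage() and cluster_by_touch_time(); lines from other sections raise ValueError on purpose rather than being silently skipped. Both functions only produce candidates for review: the name rules are deliberately conservative so that ordinary CamelCase such as PerfStringBackup.INI passes, and the publisher check only skips entries whose version information names a company, which a signature check (like the Bamital section of the log) would still have to confirm.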
Old 05-23-2015, 04:40 PM   #12
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Sorry for delay.

Chrome is no longer installed on the machine; the detection in the log is a registry key and a folder under the name of Google that were left over after the uninstallation.

Your reports are clear. We're done.

Your Java is out of date.

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s). Next, download the latest Java, version 8 Update 45, from the following link:
Download Free Java Software

=========================================================

Clean up

Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore.
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your operating system. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 7

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below, which will give you a few suggestions on how to minimise your chances of getting another infection.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See the guide here, and for Windows 7 here.

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
tekir06 is offline  
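The HOSTS-file item above describes the mechanism: a name listed in HOSTS resolves to a sink address and never reaches the network. As an added example (not from this thread and not the MVPS project's code), the Python below parses a HOSTS file the way the resolver reads it, comments and multi-name lines included, tells block entries apart from redirects to a real address, which is the same file used the other way round when malware diverts a domain, and checks whether a given name is blocked. Blocklists use either 127.0.0.1 or 0.0.0.0 as the sink and the parser accepts both; 0.0.0.0 is the better choice because a connection to it fails at once instead of reaching whatever happens to listen on the local machine. The file content is constructed for the example, using documentation-reserved names and addresses.

```python
"""Audit a Windows HOSTS file of the kind an ad-blocking list installs.
Added example, not part of the thread or of the MVPS project. Each mapping
is classed as a block (sink address), a normal localhost alias, or a
redirect to some other address, which is how HOSTS gets abused to divert
a domain. The sample content below is constructed.
"""
import ipaddress
from typing import Dict, List, NamedTuple

# Sink addresses a blocklist points ad/tracker names at.
BLOCK_SINKS = {"0.0.0.0", "127.0.0.1", "::1", "::"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


class HostsEntry(NamedTuple):
    lineno: int
    address: str
    hostname: str


def parse_hosts(text: str) -> List[HostsEntry]:
    """Return every (address, hostname) pair in file order, honouring '#'
    comments and several hostnames per line. Malformed lines are skipped,
    as the Windows resolver skips them."""
    entries: List[HostsEntry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append(HostsEntry(lineno, str(addr), host.lower()))
    return entries


def classify(entry: HostsEntry) -> str:
    """'local' for localhost aliases, 'block' for sink addresses, else 'redirect'."""
    if entry.hostname in LOCAL_NAMES or entry.hostname.endswith(".localhost"):
        return "local"
    return "block" if entry.address in BLOCK_SINKS else "redirect"


def audit(text: str) -> Dict[str, List[HostsEntry]]:
    """Bucket all entries; anything under 'redirect' deserves a close look."""
    report: Dict[str, List[HostsEntry]] = {"local": [], "block": [], "redirect": []}
    for entry in parse_hosts(text):
        report[classify(entry)].append(entry)
    return report


def is_blocked(text: str, hostname: str) -> bool:
    """True if the first HOSTS line matching hostname points at a sink.
    Lookups are case-insensitive and ignore a trailing dot."""
    wanted = hostname.lower().rstrip(".")
    for entry in parse_hosts(text):
        if entry.hostname == wanted:
            return classify(entry) == "block"
    return False  # no entry: the name resolves through DNS as usual


# Constructed sample, not a real MVPS file. 203.0.113.0/24 and the .test /
# .example names are reserved for documentation.
SAMPLE_HOSTS = """\
# Constructed HOSTS sample
127.0.0.1       localhost
::1             localhost
0.0.0.0   ads.example.net  tracker.example.net   # MVPS-style block line
127.0.0.1 popups.example.org                      # older sink style
203.0.113.10 update.example-av.test               # real address: suspicious
999.1.1.1 broken.example                          # malformed, ignored
"""

if __name__ == "__main__":
    for bucket, items in audit(SAMPLE_HOSTS).items():
        print(f"{bucket}: {len(items)}")
        for e in items:
            print(f"    line {e.lineno}: {e.hostname} -> {e.address}")
    print("ads.example.net blocked:", is_blocked(SAMPLE_HOSTS, "Ads.Example.NET"))
```

Point it at the real file by reading C:\Windows\System32\drivers\etc\hosts into a string; on a machine that only carries a blocklist, the 'redirect' bucket should be empty, and any entry in it for an update or security-vendor domain is worth treating as a finding rather than a misprint.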
Old 05-24-2015, 06:33 AM   #13
TSF Enthusiast
 
KoLAddict's Avatar
 
Join Date: Jul 2006
Location: Rockford, IL
Posts: 622
OS: Windows 7 32-bit



Awesome, thank you very much for all the help. I haven't had any more issues since you've been helping me. You've been fantastic.
KoLAddict is offline  
Old 05-24-2015, 01:37 PM   #14
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hi KoLAddict,

You're welcome. I'm glad to help. Thank you for your patience and cooperation.
__________________
tekir06 is offline  
Old 05-24-2015, 01:52 PM   #15
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



As this is resolved, this topic will now be closed.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
 
