cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by PhilDesktop (administrator) on PHILDESKTOP-PC on 24-01-2015 10:55:47
Running from C:\Users\PhilDesktop\Downloads
Loaded Profiles: PhilDesktop & (Available profiles: PhilDesktop)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Erdoaem Corniratu) C:\Users\PhilDesktop\AppData\Roaming\Hepeoz\iztoqav.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(PS3 Media Server) C:\Phil\PS3 Media Server\pms.exe
(Oracle Corporation) C:\Phil\PS3 Media Server\jre64\bin\javaw.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Erdoaem Corniratu) C:\Users\PhilDesktop\AppData\Roaming\Hepeoz\iztoqav.exe
(Erdoaem Corniratu) C:\Users\PhilDesktop\AppData\Roaming\Hepeoz\iztoqav.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Erdoaem Corniratu) C:\Users\PhilDesktop\AppData\Roaming\Hepeoz\iztoqav.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Erdoaem Corniratu) C:\Users\PhilDesktop\AppData\Roaming\Hepeoz\iztoqav.exe
(Erdoaem Corniratu) C:\Users\PhilDesktop\AppData\Roaming\Hepeoz\iztoqav.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Iqruz] => C:\Users\PhilDesktop\AppData\Roaming\Hepeoz\iztoqav.exe [518749 2013-12-03] (Erdoaem Corniratu)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Ext2 Volume Manager] => C:\Program Files\Ext2Fsd\Ext2Mgr.exe -quiet
HKLM-x32\...\Run: [Iqruz] => C:\Users\PhilDesktop\AppData\Roaming\Hepeoz\iztoqav.exe [518749 2013-12-03] (Erdoaem Corniratu)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-13] (Microsoft Corporation)
HKU\S-1-5-21-1394324218-1997661385-1486325378-1000\...\Run: [YdPack] => regsvr32.exe C:\Users\PhilDesktop\AppData\Local\YdPack\ff_unrar.dll <===== ATTENTION
HKU\S-1-5-21-1394324218-1997661385-1486325378-1000\...\Run: [YhPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\PhilDesktop\AppData\Local\Obics\kllmisjqcitf.dll
HKU\S-1-5-21-1394324218-1997661385-1486325378-1000\...\Run: [Iqruz] => C:\Users\PhilDesktop\AppData\Roaming\Hepeoz\iztoqav.exe [518749 2013-12-03] (Erdoaem Corniratu)
HKU\S-1-5-21-1394324218-1997661385-1486325378-1000\...\MountPoints2: {ba39629d-912d-11e3-9c7a-90fba62d91b2} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1394324218-1997661385-1486325378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [YdPack] => regsvr32.exe C:\Users\PhilDesktop\AppData\Local\YdPack\ff_unrar.dll <===== ATTENTION
HKU\S-1-5-21-1394324218-1997661385-1486325378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [YhPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\PhilDesktop\AppData\Local\Obics\kllmisjqcitf.dll
HKU\S-1-5-21-1394324218-1997661385-1486325378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Iqruz] => C:\Users\PhilDesktop\AppData\Roaming\Hepeoz\iztoqav.exe [518749 2013-12-03] (Erdoaem Corniratu)
HKU\S-1-5-21-1394324218-1997661385-1486325378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ba39629d-912d-11e3-9c7a-90fba62d91b2} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
Startup: C:\Users\PhilDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CertEnrollCtrl.lnk
ShortcutTarget: CertEnrollCtrl.lnk -> C:\Users\PhilDesktop\AppData\Roaming\Microsoft\Windows\IEUpdate\CertEnrollCtrl.exe (No File)
Startup: C:\Users\PhilDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Startup: C:\Users\PhilDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PS3 Media Server.lnk
ShortcutTarget: PS3 Media Server.lnk -> C:\Phil\PS3 Media Server\pms.exe (PS3 Media Server)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1394324218-1997661385-1486325378-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hockeystreams.com/
HKU\S-1-5-21-1394324218-1997661385-1486325378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hockeystreams.com/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0D94E18C-F4CD-4D8A-9529-4E5B4BC3C03B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{17B8BB63-E25D-445D-B698-2BC80D77807A}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6B47762E-411E-43F8-939B-3DA62A05D4D1}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{7345D394-9EF4-4D76-9AA1-3446966D4098}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{93293B17-B4F7-4BDF-942B-41D3ECF92913}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{C59BD1F2-052F-46F2-939D-3EBF071C2CF7}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D92446A8-081F-4C9E-B277-5B350E176AED}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{E96DE5C1-DE79-4802-B329-2920CCB39F74}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\PhilDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\j07p2rb6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Nap Config Read class - C:\Users\PhilDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\j07p2rb6.default\Extensions\{EA4279B7-40E2-AEA5-B7E2-8C89CFE09FD7} [2015-01-21]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.di.fm/chillout"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\PhilDesktop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\PhilDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-25]
CHR Extension: (Google Drive) - C:\Users\PhilDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PhilDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\PhilDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-25]
CHR Extension: (Google Search) - C:\Users\PhilDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-25]
CHR Extension: (Google Wallet) - C:\Users\PhilDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR Extension: (Gmail) - C:\Users\PhilDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-24] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 10:55 - 2015-01-24 10:57 - 00013899 _____ () C:\Users\PhilDesktop\Downloads\FRST.txt
2015-01-24 10:55 - 2015-01-24 10:55 - 00000000 ____D () C:\FRST
2015-01-24 10:53 - 2015-01-24 10:54 - 02129920 _____ (Farbar) C:\Users\PhilDesktop\Downloads\FRST64.exe
2015-01-24 10:30 - 2015-01-24 10:30 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-24 10:27 - 2015-01-24 10:27 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\PhilDesktop\Downloads\tdsskiller.exe
2015-01-24 00:33 - 2015-01-24 00:33 - 00000000 ____D () C:\Users\PhilDesktop\AppData\Roaming\Hepeoz
2015-01-24 00:20 - 2015-01-24 00:20 - 00000000 ____D () C:\.cache
2015-01-23 22:25 - 2015-01-24 10:42 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-23 22:25 - 2015-01-23 22:25 - 02174848 _____ () C:\Users\PhilDesktop\Downloads\instsf450.exe
2015-01-23 22:25 - 2015-01-23 22:25 - 00001021 _____ () C:\Users\PhilDesktop\Desktop\SpeedFan.lnk
2015-01-23 22:25 - 2015-01-23 22:25 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2015-01-22 00:19 - 2015-01-24 10:36 - 00000000 ____D () C:\Users\PhilDesktop\AppData\Roaming\Fusypoe
2015-01-21 21:17 - 2015-01-23 21:55 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-21 20:21 - 2015-01-24 10:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 20:21 - 2015-01-21 20:21 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 20:21 - 2015-01-21 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-21 20:21 - 2015-01-21 20:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-21 20:21 - 2015-01-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 20:21 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 20:21 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-21 20:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-21 20:18 - 2015-01-21 20:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\PhilDesktop\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-21 20:15 - 2015-01-24 10:38 - 00000000 ____D () C:\Users\PhilDesktop\AppData\Local\Obics
2015-01-21 20:15 - 2015-01-21 20:15 - 00000000 ____D () C:\Users\PhilDesktop\AppData\Local\YdPack
2015-01-21 20:13 - 2015-01-21 20:20 - 00000000 ____D () C:\Users\PhilDesktop\Downloads\DiskInternals Uneraser
2015-01-21 20:12 - 2015-01-21 20:12 - 00015877 _____ () C:\Users\PhilDesktop\Downloads\DiskInternals Uneraser.torrent
2015-01-21 19:57 - 2015-01-21 19:58 - 04371928 _____ () C:\Users\PhilDesktop\Downloads\ext2fsd-0.48-bb8.zip
2015-01-21 19:12 - 2015-01-21 19:12 - 00994688 _____ (Ext2Fsd Group ) C:\Users\PhilDesktop\Downloads\Ext2Fsd-0.48.exe
2015-01-21 19:10 - 2015-01-21 19:10 - 01019120 _____ (Ext2Fsd Group ) C:\Users\PhilDesktop\Downloads\Ext2Fsd-0.53 (1).exe
2015-01-21 18:22 - 2015-01-21 18:22 - 03753285 _____ () C:\Users\PhilDesktop\Downloads\ext2explore-2.2.71.zip
2015-01-21 18:12 - 2015-01-21 18:12 - 01019120 _____ (Ext2Fsd Group ) C:\Users\PhilDesktop\Downloads\Ext2Fsd-0.53.exe
2015-01-21 18:05 - 2015-01-21 18:12 - 00000000 ____D () C:\Users\PhilDesktop\.mucommander
2015-01-21 18:04 - 2015-01-21 18:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 18:04 - 2015-01-21 18:04 - 00000000 ____D () C:\ProgramData\Sun
2015-01-21 18:04 - 2015-01-21 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 18:03 - 2015-01-21 18:03 - 00639400 _____ (Oracle Corporation) C:\Users\PhilDesktop\Downloads\chromeinstall-8u31.exe
2015-01-21 18:03 - 2015-01-21 18:03 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 18:03 - 2015-01-21 18:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 18:02 - 2015-01-21 18:02 - 00000000 ____D () C:\Users\PhilDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\muCommander
2015-01-21 18:02 - 2015-01-21 18:02 - 00000000 ____D () C:\Program Files (x86)\muCommander
2015-01-21 17:25 - 2015-01-21 17:25 - 00495616 _____ (Simon Tatham) C:\Users\PhilDesktop\Downloads\putty (1).exe
2015-01-21 15:58 - 2014-12-07 22:47 - 00000000 ____D () C:\Jess
2015-01-19 13:33 - 2015-01-19 13:33 - 00003224 ____N () C:\bootsqm.dat
2015-01-14 12:39 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:39 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:39 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:39 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:39 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:39 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:39 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:39 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:39 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:39 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:39 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:39 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:39 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:39 - 2012-10-03 12:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 12:39 - 2012-10-03 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 02:26 - 2015-01-23 21:26 - 03353776 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-09 22:33 - 2015-01-09 22:41 - 00000000 ____D () C:\Users\PhilDesktop\Downloads\Predestination (2014)
2015-01-09 22:33 - 2015-01-09 22:33 - 00008260 _____ () C:\Users\PhilDesktop\Downloads\Predestination_2014_720p.torrent
2015-01-09 22:33 - 2015-01-09 22:33 - 00008260 _____ () C:\Users\PhilDesktop\Downloads\Predestination_2014_720p (1).torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 10:46 - 2009-07-13 23:45 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 10:46 - 2009-07-13 23:45 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 10:45 - 2013-09-25 17:14 - 01796451 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 10:45 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 10:43 - 2013-09-25 20:09 - 00000000 ____D () C:\ProgramData\PMS
2015-01-24 10:42 - 2013-09-25 18:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 10:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 10:38 - 2013-09-25 18:47 - 00016400 _____ () C:\Windows\PFRO.log
2015-01-24 10:38 - 2009-07-13 23:51 - 00410816 _____ () C:\Windows\setupact.log
2015-01-24 10:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SchCache
2015-01-24 10:27 - 2013-09-25 18:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 10:26 - 2014-02-16 12:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 00:11 - 2013-09-25 18:27 - 00000000 ____D () C:\Users\PhilDesktop\AppData\Roaming\vlc
2015-01-23 21:26 - 2014-02-16 12:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-23 21:26 - 2014-02-16 12:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 21:26 - 2014-02-16 12:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-21 21:29 - 2013-09-25 18:03 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-21 20:34 - 2013-09-25 21:30 - 00000000 ____D () C:\Users\PhilDesktop\AppData\Roaming\uTorrent
2015-01-15 03:03 - 2013-11-22 18:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2013-11-22 18:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2013-09-25 18:12 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-10-30 21:31 - 2014-10-31 17:02 - 0000600 _____ () C:\Users\PhilDesktop\AppData\Local\PUTTY.RND

Some content of TEMP:
====================
C:\Users\PhilDesktop\AppData\Local\Temp\jna4983739993642620508.dll
C:\Users\PhilDesktop\AppData\Local\Temp\jna7112748673040625791.dll
C:\Users\PhilDesktop\AppData\Local\Temp\jna7743209456201183421.dll
C:\Users\PhilDesktop\AppData\Local\Temp\jna8781704428511515165.dll
C:\Users\PhilDesktop\AppData\Local\Temp\sfamcc00001.dll
C:\Users\PhilDesktop\AppData\Local\Temp\sfareca00001.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 02:20

==================== End Of Log ============================
