COM Surrogate - dllhost.exe *32 -- Multiple instances
<blockquote data-quote="tdnxxx444" data-source="post: 267613" data-attributes="member: 28320"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01</p><p>Ran by tnguyen (administrator) on TNGUYEN-PC on 25-09-2014 13:35:59</p><p>Running from C:\Users\tnguyen\Downloads</p><p>Loaded Profile: tnguyen (Available profiles: tnguyen)</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe</p><p>(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe</p><p>(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(O2Micro International) C:\Windows\System32\drivers\o2flash.exe</p><p>() C:\Windows\SysWOW64\srvany.exe</p><p>(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</p><p>(<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe</p><p>(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe</p><p>(Microsoft Corporation) C:\Windows\System32\regsvr32.exe</p><p>(Dell) C:\Users\tnguyen\AppData\Local\Apps\2.0\9X2C6MG0.M3Z\KVBV3ZRA.CYN\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe</p><p>(Dropbox, Inc.) 
C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\Dropbox.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe</p><p>(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe</p><p>(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p>(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe</p><p>(Microsoft Corporation) C:\Windows\System32\taskmgr.exe</p><p>() C:\Program Files (x86)\pgAdmin III\1.18\pgadmin3.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(<a href="http://www.jimradford.com/" target="_blank">http://www.jimradford.com/</a>) C:\Program Files (x86)\SuperPutty-1.4.0.4\SuperPutty.exe</p><p>(Simon Tatham) C:\Program Files (x86)\PuTTY\putty.exe</p><p>(Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p>(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe</p><p>(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe</p><p>(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)</p><p>HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation)</p><p>HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)</p><p>HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-23] (Intel Corporation)</p><p>HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)</p><p>HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel 
Corporation)</p><p>HKU\S-1-5-21-280668642-803239663-4213265422-1000\...\Run: [Idsnsoft Update] => regsvr32.exe C:\Users\tnguyen\AppData\Local\Idsnsoft\3cmlink.dll</p><p>HKU\S-1-5-21-280668642-803239663-4213265422-1000\...\Run: [DellSystemDetect] => C:\Users\tnguyen\AppData\Local\Apps\2.0\9X2C6MG0.M3Z\KVBV3ZRA.CYN\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-11] (Dell)</p><p>HKU\S-1-5-21-280668642-803239663-4213265422-1000\...\Policies\Explorer: [Run] "C:\Users\tnguyen\AppData\Roaming\Microsoft\Windows\IEUpdate\fc.exe"</p><p>Startup: C:\Users\tnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk</p><p>ShortcutTarget: Dropbox.lnk -> C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" 
target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" 
target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (<a href="http://tortoisesvn.net" target="_blank">http://tortoisesvn.net</a>)</p><p>BootExecute: autocheck autochk * sh4native Sh4Removal</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" target="_blank">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5B9223559A6DCF01</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
en-us</p><p>StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe</p><p>SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} <a href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" target="_blank">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</a></p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt</p><p>Tcpip\Parameters: [DhcpNameServer] 172.25.52.201 172.25.52.202</p><p>Tcpip\..\Interfaces\{28E5EBFF-C31F-484C-85A2-34C25FAAC254}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\tnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\stbf0g9q.default</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Extension: System.Security.Cryptography.ToBase64Transform - C:\Users\tnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\stbf0g9q.default\Extensions\{5F2BF72B-E9C5-90C3-7654-13AD06039963} [2014-05-28]</p><p>FF Extension: Firebug - C:\Users\tnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\stbf0g9q.default\Extensions\<a href="mailto:firebug@software.joehewitt.com.xpi">firebug@software.joehewitt.com.xpi</a> [2014-05-12]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR Profile: C:\Users\tnguyen\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\tnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-15]</p><p>CHR Extension: (Google Wallet) - C:\Users\tnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)</p><p>R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]</p><p>R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)</p><p>R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation) [File not signed]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)</p><p>R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()</p><p>S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [5248 2010-01-27] () [File not signed]</p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-25] (Malwarebytes Corporation)</p><p>R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)</p><p>R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)</p><p>S3 catchme; \??\C:\ComboFix\catchme.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-09-25 13:35 - 2014-09-25 13:36 - 00019832 _____ () C:\Users\tnguyen\Downloads\FRST.txt</p><p>2014-09-25 13:12 - 2014-09-25 13:12 - 00000114 ____H () C:\Users\tnguyen\Downloads\.~lock.Natural Partners ISD - Sales Feed v1.06 (1).docx#</p><p>2014-09-25 11:47 - 2014-09-25 11:47 - 00000000 _____ () C:\Users\tnguyen\Downloads\ark.txt</p><p>2014-09-25 10:39 - 2014-09-25 10:39 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (3).exe</p><p>2014-09-25 10:16 - 2014-09-25 10:16 - 00954656 _____ () C:\Windows\Minidump\092514-14180-01.dmp</p><p>2014-09-25 02:16 - 2014-09-25 02:16 - 00027206 _____ () C:\ComboFix.txt</p><p>2014-09-24 22:19 - 2014-09-25 02:16 - 00000000 ____D () C:\Qoobox</p><p>2014-09-24 22:19 - 2014-09-25 02:15 - 00000000 ____D () C:\Windows\erdnt</p><p>2014-09-24 22:19 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe</p><p>2014-09-24 22:19 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe</p><p>2014-09-24 22:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe</p><p>2014-09-24 22:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe</p><p>2014-09-24 22:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe</p><p>2014-09-24 22:19 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe</p><p>2014-09-24 22:19 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe</p><p>2014-09-24 22:19 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe</p><p>2014-09-24 20:16 - 2014-09-25 13:35 - 00000000 ____D () C:\Users\tnguyen\Downloads\FRST-OlderVersion</p><p>2014-09-24 20:11 - 2014-09-24 20:11 - 00000668 _____ () C:\Users\tnguyen\Downloads\ark.old.txt</p><p>2014-09-24 20:11 - 2014-09-24 20:11 - 00000000 
____D () C:\Users\tnguyen\Downloads\tdsskiller</p><p>2014-09-24 19:55 - 2014-09-24 19:55 - 00080384 _____ () C:\Windows\system32\izmfodi.dll</p><p>2014-09-24 19:55 - 2014-09-24 19:55 - 00003860 _____ () C:\Windows\System32\Tasks\{D7C9FEE3-30DE-810E-6CCC-FEACECB6A9EB}</p><p>2014-09-24 19:55 - 2014-09-24 19:55 - 00000000 _____ () C:\Windows\system32\hrnswp.dll</p><p>2014-09-24 19:41 - 2014-09-24 19:41 - 00000000 ____D () C:\found.000</p><p>2014-09-24 18:14 - 2014-09-24 18:14 - 00006933 _____ () C:\Users\tnguyen\Downloads\Fixlist_old2.txt</p><p>2014-09-24 17:57 - 2014-09-24 18:15 - 00008568 _____ () C:\Users\tnguyen\Desktop\malware steps.txt</p><p>2014-09-24 15:30 - 2014-09-24 15:30 - 00021241 _____ () C:\Users\tnguyen\Downloads\natural_partners_production_sql_v7.sql</p><p>2014-09-24 15:27 - 2014-09-24 15:27 - 05579290 _____ (Swearware) C:\Users\tnguyen\Downloads\ComboFix (2).exe</p><p>2014-09-24 15:23 - 2014-09-24 15:24 - 05579290 _____ (Swearware) C:\Users\tnguyen\Downloads\ComboFix (1).exe</p><p>2014-09-24 15:16 - 2014-09-24 15:17 - 05579290 ____R (Swearware) C:\Users\tnguyen\Downloads\ComboFix.exe</p><p>2014-09-24 14:16 - 2014-09-24 14:16 - 04161313 _____ () C:\Users\tnguyen\Downloads\tdsskiller.zip</p><p>2014-09-24 14:15 - 2014-09-24 14:15 - 00380416 _____ () C:\Users\tnguyen\Downloads\6sr7nx6b.exe</p><p>2014-09-24 14:14 - 2014-09-24 14:15 - 00380416 _____ () C:\Users\tnguyen\Downloads\zt02npml.exe</p><p>2014-09-23 17:31 - 2014-09-23 17:31 - 00312832 _____ () C:\Users\tnguyen\Downloads\NEX-128201 - SO Charging Return fees for Damaged and Wrong Item shipped should not be charged.msg</p><p>2014-09-23 15:36 - 2014-09-23 15:36 - 00031919 _____ () C:\Users\tnguyen\Downloads\Addition.txt</p><p>2014-09-23 15:35 - 2014-09-23 15:36 - 00046674 _____ () C:\Users\tnguyen\Downloads\FRST_old2.txt</p><p>2014-09-23 10:22 - 2014-09-25 10:16 - 755715319 _____ () C:\Windows\MEMORY.DMP</p><p>2014-09-23 10:22 - 2014-09-25 10:16 - 00000000 ____D () C:\Windows\Minidump</p><p>2014-09-23 
10:22 - 2014-09-23 10:23 - 00930352 _____ () C:\Windows\Minidump\092314-15568-01.dmp</p><p>2014-09-19 12:09 - 2014-09-19 12:09 - 00002055 _____ () C:\Users\tnguyen\Downloads\fixlist_old.txt</p><p>2014-09-19 11:02 - 2014-09-19 11:03 - 00111443 _____ () C:\Users\tnguyen\Downloads\list.html</p><p>2014-09-18 17:23 - 2014-09-18 17:26 - 00030183 _____ () C:\Users\tnguyen\Downloads\Addition_old.txt</p><p>2014-09-18 17:20 - 2014-09-25 13:36 - 00000000 ____D () C:\FRST</p><p>2014-09-18 17:20 - 2014-09-19 13:48 - 00020997 _____ () C:\Users\tnguyen\Downloads\FRST_old.txt</p><p>2014-09-18 16:54 - 2014-09-25 13:35 - 02108928 _____ (Farbar) C:\Users\tnguyen\Downloads\FRST64.exe</p><p>2014-09-18 16:45 - 2014-09-18 16:45 - 00000000 ____D () C:\zoek_backup</p><p>2014-09-18 16:44 - 2014-09-18 16:44 - 01290240 _____ () C:\Users\tnguyen\Downloads\zoek.exe</p><p>2014-09-18 16:05 - 2014-09-18 16:06 - 00002758 _____ () C:\Users\tnguyen\Desktop\sprint rebate.txt</p><p>2014-09-18 15:20 - 2014-09-25 13:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-09-18 15:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-09-18 15:19 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2014-09-18 15:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys</p><p>2014-09-18 11:02 - 2014-09-18 11:03 - 00013474 _____ () C:\Users\tnguyen\Downloads\Miami.xlsx</p><p>2014-09-16 23:16 - 2014-09-16 23:16 - 00000524 _____ () 
C:\Users\tnguyen\Desktop\rita.txt</p><p>2014-09-16 20:14 - 2014-09-16 23:04 - 00000216 _____ () C:\Users\tnguyen\Desktop\handytix.txt</p><p>2014-09-16 17:52 - 2014-09-16 17:52 - 00321848 _____ (Malwarebytes Corporation) C:\Users\tnguyen\Downloads\mbam-clean-2.1.1.1001.exe</p><p>2014-09-16 14:55 - 2014-09-16 14:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\tnguyen\Downloads\mbam-setup-2.0.2.1012.exe</p><p>2014-09-16 11:21 - 2014-09-16 11:33 - 00000000 ____D () C:\AdwCleaner</p><p>2014-09-16 11:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll</p><p>2014-09-16 10:52 - 2014-09-16 10:52 - 00006446 _____ () C:\Users\tnguyen\Downloads\Netconf-batch-file.zip</p><p>2014-09-16 10:52 - 2014-09-16 10:52 - 00000000 ____D () C:\Users\tnguyen\Downloads\Netconf-batch-file</p><p>2014-09-16 09:49 - 2014-09-24 14:57 - 00088069 _____ () C:\spyhunter.fix</p><p>2014-09-16 09:49 - 2010-05-13 18:34 - 00014232 _____ () C:\Windows\SysWOW64\sh4native.exe</p><p>2014-09-15 21:36 - 2014-09-15 21:36 - 00003350 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup</p><p>2014-09-15 21:36 - 2014-09-15 21:36 - 00002288 _____ () C:\Users\tnguyen\Desktop\SpyHunter.lnk</p><p>2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter</p><p>2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\sh4ldr</p><p>2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group</p><p>2014-09-15 21:34 - 2014-09-15 21:36 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP</p><p>2014-09-15 14:14 - 2014-09-15 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype</p><p>2014-09-15 14:10 - 2014-09-15 14:10 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (2).exe</p><p>2014-09-15 12:32 - 2014-09-15 12:33 - 00000000 ____D () 
C:\Users\tnguyen\Downloads\SpyHunter 4.1.11.0 + Crack</p><p>2014-09-15 12:32 - 2014-09-15 12:33 - 00000000 ____D () C:\Users\tnguyen\Downloads\PhpStorm 7.1.3 Build #PS-133.982</p><p>2014-09-15 12:26 - 2014-09-15 12:26 - 00000000 ____D () C:\fdf030c81114b4942ea70b884feb</p><p>2014-09-15 12:25 - 2014-09-15 12:27 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (1).exe</p><p>2014-09-15 12:24 - 2014-09-15 12:25 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16.exe</p><p>2014-09-15 10:40 - 2014-09-15 10:40 - 00000102 ____H () C:\Users\tnguyen\Downloads\.~lock.Lenox ISD - Sales Feed v1.16.docx#</p><p>2014-09-15 10:39 - 2014-09-15 10:39 - 00000000 _____ () C:\autoexec.bat</p><p>2014-09-15 10:31 - 2014-09-15 10:31 - 00000000 ____D () C:\Program Files\Enigma Software Group</p><p>2014-09-15 10:23 - 2014-09-15 10:23 - 00003460 _____ () C:\Windows\System32\Tasks\Time Trigger Test Task</p><p>2014-09-15 10:21 - 2014-09-15 21:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP</p><p>2014-09-15 10:19 - 2014-09-15 10:19 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\tnguyen\Downloads\SpyHunter-Installer.exe</p><p>2014-09-14 21:43 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-09-14 13:18 - 2014-09-24 19:54 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage</p><p>2014-09-13 12:35 - 2014-09-13 12:35 - 00000000 ____D () C:\Users\tnguyen\Downloads\innodojo</p><p>2014-09-13 12:34 - 2014-09-13 12:34 - 04235548 _____ () C:\Users\tnguyen\Downloads\innodojo.rar</p><p>2014-09-09 12:03 - 2014-09-09 12:03 - 03676207 _____ () C:\Users\tnguyen\Downloads\nyenison_deliverables.zip</p><p>2014-09-09 12:03 - 2014-09-09 12:03 - 00000000 ____D () C:\Users\tnguyen\Downloads\nyenison_deliverables</p><p>2014-09-06 17:54 - 2014-09-06 17:54 - 00000053 _____ () C:\Users\tnguyen\Downloads\googlee0e4a1b1d318b0b3.html</p><p>2014-09-06 11:53 - 2014-09-06 11:53 - 00123286 _____ () C:\Users\tnguyen\Downloads\PO_20140904135041-AAFES-UAT.xml</p><p>2014-09-04 14:34 - 2014-09-04 14:34 - 00025042 _____ () C:\Users\tnguyen\Desktop\hs_err_pid16792.log</p><p>2014-09-04 11:13 - 2014-09-05 13:08 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}</p><p>2014-09-03 15:47 - 2001-12-19 11:45 - 00008576 _____ (Microsoft Corporation) C:\Windows\system32\VCdRom.sys</p><p>2014-09-03 15:40 - 2001-12-19 11:45 - 00008576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VCdRom.sys</p><p>2014-09-03 15:38 - 2014-09-03 15:38 - 00000000 ____D () C:\Users\tnguyen\Desktop\virtualcd</p><p>2014-09-03 15:37 - 2014-09-03 15:37 - 00061064 _____ () C:\Users\tnguyen\Downloads\winxpvirtualcdcontrolpanel_21.exe</p><p>2014-08-29 12:31 - 2014-08-29 12:31 - 00000000 ____D () C:\ProgramData\InstallMate</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-09-25 13:36 - 2014-09-25 13:35 - 00019832 _____ () C:\Users\tnguyen\Downloads\FRST.txt</p><p>2014-09-25 13:36 - 
2014-09-18 17:20 - 00000000 ____D () C:\FRST</p><p>2014-09-25 13:35 - 2014-09-24 20:16 - 00000000 ____D () C:\Users\tnguyen\Downloads\FRST-OlderVersion</p><p>2014-09-25 13:35 - 2014-09-18 16:54 - 02108928 _____ (Farbar) C:\Users\tnguyen\Downloads\FRST64.exe</p><p>2014-09-25 13:25 - 2014-05-11 23:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2014-09-25 13:21 - 2014-09-18 15:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-09-25 13:13 - 2014-05-12 10:01 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\Skype</p><p>2014-09-25 13:12 - 2014-09-25 13:12 - 00000114 ____H () C:\Users\tnguyen\Downloads\.~lock.Natural Partners ISD - Sales Feed v1.06 (1).docx#</p><p>2014-09-25 13:04 - 2014-05-12 10:59 - 00000600 _____ () C:\Users\tnguyen\AppData\Local\PUTTY.RND</p><p>2014-09-25 13:02 - 2014-07-13 22:57 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2014-09-25 12:48 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-09-25 12:45 - 2014-05-11 00:00 - 00465369 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-09-25 12:43 - 2014-05-12 11:50 - 00000000 ___RD () C:\Users\tnguyen\Dropbox</p><p>2014-09-25 12:43 - 2014-05-12 11:49 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\Dropbox</p><p>2014-09-25 12:42 - 2014-07-13 22:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-09-25 12:42 - 2014-05-14 09:45 - 00000000 ____D () C:\Users\tnguyen\AppData\Local\TSVNCache</p><p>2014-09-25 12:42 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-09-25 12:42 - 2009-07-13 23:51 - 00034961 _____ () C:\Windows\setupact.log</p><p>2014-09-25 12:41 - 2014-05-12 09:52 - 00000000 ____D () C:\Program Files (x86)\Trillian</p><p>2014-09-25 11:47 - 2014-09-25 11:47 - 00000000 _____ () C:\Users\tnguyen\Downloads\ark.txt</p><p>2014-09-25 11:36 - 2014-05-12 10:40 - 00002764 _____ () 
C:\Users\tnguyen\SuperPutty.settings</p><p>2014-09-25 11:36 - 2009-07-13 23:45 - 00019456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-09-25 11:36 - 2009-07-13 23:45 - 00019456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-09-25 10:39 - 2014-09-25 10:39 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (3).exe</p><p>2014-09-25 10:16 - 2014-09-25 10:16 - 00954656 _____ () C:\Windows\Minidump\092514-14180-01.dmp</p><p>2014-09-25 10:16 - 2014-09-23 10:22 - 755715319 _____ () C:\Windows\MEMORY.DMP</p><p>2014-09-25 10:16 - 2014-09-23 10:22 - 00000000 ____D () C:\Windows\Minidump</p><p>2014-09-25 10:16 - 2010-11-20 22:47 - 05180326 _____ () C:\Windows\PFRO.log</p><p>2014-09-25 02:16 - 2014-09-25 02:16 - 00027206 _____ () C:\ComboFix.txt</p><p>2014-09-25 02:16 - 2014-09-24 22:19 - 00000000 ____D () C:\Qoobox</p><p>2014-09-25 02:16 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default</p><p>2014-09-25 02:15 - 2014-09-24 22:19 - 00000000 ____D () C:\Windows\erdnt</p><p>2014-09-25 02:15 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini</p><p>2014-09-24 21:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports</p><p>2014-09-24 21:15 - 2014-07-13 22:57 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2014-09-24 20:11 - 2014-09-24 20:11 - 00000668 _____ () C:\Users\tnguyen\Downloads\ark.old.txt</p><p>2014-09-24 20:11 - 2014-09-24 20:11 - 00000000 ____D () C:\Users\tnguyen\Downloads\tdsskiller</p><p>2014-09-24 19:55 - 2014-09-24 19:55 - 00080384 _____ () C:\Windows\system32\izmfodi.dll</p><p>2014-09-24 19:55 - 2014-09-24 19:55 - 00003860 _____ () C:\Windows\System32\Tasks\{D7C9FEE3-30DE-810E-6CCC-FEACECB6A9EB}</p><p>2014-09-24 19:55 - 2014-09-24 19:55 - 00000000 _____ () C:\Windows\system32\hrnswp.dll</p><p>2014-09-24 19:55 - 2009-07-13 22:20 
- 00000000 ____D () C:\Windows\system32\sysprep</p><p>2014-09-24 19:54 - 2014-09-14 13:18 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage</p><p>2014-09-24 19:41 - 2014-09-24 19:41 - 00000000 ____D () C:\found.000</p><p>2014-09-24 18:15 - 2014-09-24 17:57 - 00008568 _____ () C:\Users\tnguyen\Desktop\malware steps.txt</p><p>2014-09-24 18:14 - 2014-09-24 18:14 - 00006933 _____ () C:\Users\tnguyen\Downloads\Fixlist_old2.txt</p><p>2014-09-24 18:07 - 2014-07-31 20:32 - 00013972 _____ () C:\Users\tnguyen\Desktop\research.txt</p><p>2014-09-24 16:14 - 2014-05-13 12:12 - 00173185 _____ () C:\Users\tnguyen\Documents\pgadmin.log</p><p>2014-09-24 15:30 - 2014-09-24 15:30 - 00021241 _____ () C:\Users\tnguyen\Downloads\natural_partners_production_sql_v7.sql</p><p>2014-09-24 15:27 - 2014-09-24 15:27 - 05579290 _____ (Swearware) C:\Users\tnguyen\Downloads\ComboFix (2).exe</p><p>2014-09-24 15:24 - 2014-09-24 15:23 - 05579290 _____ (Swearware) C:\Users\tnguyen\Downloads\ComboFix (1).exe</p><p>2014-09-24 15:17 - 2014-09-24 15:16 - 05579290 ____R (Swearware) C:\Users\tnguyen\Downloads\ComboFix.exe</p><p>2014-09-24 14:57 - 2014-09-16 09:49 - 00088069 _____ () C:\spyhunter.fix</p><p>2014-09-24 14:39 - 2014-05-13 16:16 - 00000600 _____ () C:\Users\tnguyen\AppData\Roaming\winscp.rnd</p><p>2014-09-24 14:16 - 2014-09-24 14:16 - 04161313 _____ () C:\Users\tnguyen\Downloads\tdsskiller.zip</p><p>2014-09-24 14:15 - 2014-09-24 14:15 - 00380416 _____ () C:\Users\tnguyen\Downloads\6sr7nx6b.exe</p><p>2014-09-24 14:15 - 2014-09-24 14:14 - 00380416 _____ () C:\Users\tnguyen\Downloads\zt02npml.exe</p><p>2014-09-23 17:31 - 2014-09-23 17:31 - 00312832 _____ () C:\Users\tnguyen\Downloads\NEX-128201 - SO Charging Return fees for Damaged and Wrong Item shipped should not be charged.msg</p><p>2014-09-23 17:25 - 2014-05-11 23:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-09-23 17:25 - 2014-05-11 23:53 - 00071344 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2014-09-23 17:25 - 2014-05-11 23:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2014-09-23 15:36 - 2014-09-23 15:36 - 00031919 _____ () C:\Users\tnguyen\Downloads\Addition.txt</p><p>2014-09-23 15:36 - 2014-09-23 15:35 - 00046674 _____ () C:\Users\tnguyen\Downloads\FRST_old2.txt</p><p>2014-09-23 10:23 - 2014-09-23 10:22 - 00930352 _____ () C:\Windows\Minidump\092314-15568-01.dmp</p><p>2014-09-22 03:38 - 2014-06-25 19:43 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\vlc</p><p>2014-09-21 16:43 - 2014-05-12 14:43 - 00000000 ____D () C:\Users\tnguyen\.VirtualBox</p><p>2014-09-19 13:48 - 2014-09-18 17:20 - 00020997 _____ () C:\Users\tnguyen\Downloads\FRST_old.txt</p><p>2014-09-19 12:09 - 2014-09-19 12:09 - 00002055 _____ () C:\Users\tnguyen\Downloads\fixlist_old.txt</p><p>2014-09-19 11:03 - 2014-09-19 11:02 - 00111443 _____ () C:\Users\tnguyen\Downloads\list.html</p><p>2014-09-18 22:43 - 2014-05-14 13:35 - 00000000 ____D () C:\Windows\CCBAA1F7E5E148B29ED9A79C6A37CE78.TMP</p><p>2014-09-18 17:26 - 2014-09-18 17:23 - 00030183 _____ () C:\Users\tnguyen\Downloads\Addition_old.txt</p><p>2014-09-18 16:45 - 2014-09-18 16:45 - 00000000 ____D () C:\zoek_backup</p><p>2014-09-18 16:44 - 2014-09-18 16:44 - 01290240 _____ () C:\Users\tnguyen\Downloads\zoek.exe</p><p>2014-09-18 16:06 - 2014-09-18 16:05 - 00002758 _____ () C:\Users\tnguyen\Desktop\sprint rebate.txt</p><p>2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-09-18 13:46 - 2014-05-12 11:50 - 00001025 _____ () C:\Users\tnguyen\Desktop\Dropbox.lnk</p><p>2014-09-18 13:46 - 2014-05-12 11:49 - 00000000 ____D () 
C:\Users\tnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox</p><p>2014-09-18 11:03 - 2014-09-18 11:02 - 00013474 _____ () C:\Users\tnguyen\Downloads\Miami.xlsx</p><p>2014-09-16 23:16 - 2014-09-16 23:16 - 00000524 _____ () C:\Users\tnguyen\Desktop\rita.txt</p><p>2014-09-16 23:04 - 2014-09-16 20:14 - 00000216 _____ () C:\Users\tnguyen\Desktop\handytix.txt</p><p>2014-09-16 21:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech</p><p>2014-09-16 17:52 - 2014-09-16 17:52 - 00321848 _____ (Malwarebytes Corporation) C:\Users\tnguyen\Downloads\mbam-clean-2.1.1.1001.exe</p><p>2014-09-16 14:55 - 2014-09-16 14:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\tnguyen\Downloads\mbam-setup-2.0.2.1012.exe</p><p>2014-09-16 11:33 - 2014-09-16 11:21 - 00000000 ____D () C:\AdwCleaner</p><p>2014-09-16 10:52 - 2014-09-16 10:52 - 00006446 _____ () C:\Users\tnguyen\Downloads\Netconf-batch-file.zip</p><p>2014-09-16 10:52 - 2014-09-16 10:52 - 00000000 ____D () C:\Users\tnguyen\Downloads\Netconf-batch-file</p><p>2014-09-15 21:36 - 2014-09-15 21:36 - 00003350 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup</p><p>2014-09-15 21:36 - 2014-09-15 21:36 - 00002288 _____ () C:\Users\tnguyen\Desktop\SpyHunter.lnk</p><p>2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter</p><p>2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\sh4ldr</p><p>2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group</p><p>2014-09-15 21:36 - 2014-09-15 21:34 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP</p><p>2014-09-15 21:23 - 2014-09-15 10:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP</p><p>2014-09-15 14:14 - 2014-09-15 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype</p><p>2014-09-15 14:14 - 2014-05-12 10:00 - 00002515 _____ () 
C:\Users\Public\Desktop\Skype.lnk</p><p>2014-09-15 14:14 - 2014-05-12 10:00 - 00000000 ___RD () C:\Program Files (x86)\Skype</p><p>2014-09-15 14:14 - 2014-05-12 10:00 - 00000000 ____D () C:\ProgramData\Skype</p><p>2014-09-15 14:10 - 2014-09-15 14:10 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (2).exe</p><p>2014-09-15 14:03 - 2014-05-12 12:33 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\BitTorrent</p><p>2014-09-15 12:33 - 2014-09-15 12:32 - 00000000 ____D () C:\Users\tnguyen\Downloads\SpyHunter 4.1.11.0 + Crack</p><p>2014-09-15 12:33 - 2014-09-15 12:32 - 00000000 ____D () C:\Users\tnguyen\Downloads\PhpStorm 7.1.3 Build #PS-133.982</p><p>2014-09-15 12:27 - 2014-09-15 12:25 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (1).exe</p><p>2014-09-15 12:26 - 2014-09-15 12:26 - 00000000 ____D () C:\fdf030c81114b4942ea70b884feb</p><p>2014-09-15 12:25 - 2014-09-15 12:24 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16.exe</p><p>2014-09-15 10:40 - 2014-09-15 10:40 - 00000102 ____H () C:\Users\tnguyen\Downloads\.~lock.Lenox ISD - Sales Feed v1.16.docx#</p><p>2014-09-15 10:39 - 2014-09-15 10:39 - 00000000 _____ () C:\autoexec.bat</p><p>2014-09-15 10:31 - 2014-09-15 10:31 - 00000000 ____D () C:\Program Files\Enigma Software Group</p><p>2014-09-15 10:24 - 2014-07-13 22:56 - 00000000 ____D () C:\Users\tnguyen\AppData\Local\Google</p><p>2014-09-15 10:23 - 2014-09-15 10:23 - 00003460 _____ () C:\Windows\System32\Tasks\Time Trigger Test Task</p><p>2014-09-15 10:19 - 2014-09-15 10:19 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\tnguyen\Downloads\SpyHunter-Installer.exe</p><p>2014-09-14 20:46 - 2014-05-12 14:33 - 00000000 ____D () C:\Program Files\Sublime Text 2</p><p>2014-09-14 20:45 - 2014-08-19 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox</p><p>2014-09-14 20:38 - 2014-05-12 14:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2014-09-14 16:51 - 2014-05-12 14:43 - 00000000 ____D () C:\Users\tnguyen\.vagrant.d</p><p>2014-09-13 12:35 - 2014-09-13 12:35 - 00000000 ____D () C:\Users\tnguyen\Downloads\innodojo</p><p>2014-09-13 12:34 - 2014-09-13 12:34 - 04235548 _____ () C:\Users\tnguyen\Downloads\innodojo.rar</p><p>2014-09-09 23:23 - 2014-05-11 23:13 - 00000000 ____D () C:\Users\tnguyen\AppData\Local\Deployment</p><p>2014-09-09 12:03 - 2014-09-09 12:03 - 03676207 _____ () C:\Users\tnguyen\Downloads\nyenison_deliverables.zip</p><p>2014-09-09 12:03 - 2014-09-09 12:03 - 00000000 ____D () C:\Users\tnguyen\Downloads\nyenison_deliverables</p><p>2014-09-09 11:48 - 2014-05-13 12:24 - 00000000 ____D () C:\Users\tnguyen\Development</p><p>2014-09-06 17:54 - 2014-09-06 17:54 - 00000053 _____ () C:\Users\tnguyen\Downloads\googlee0e4a1b1d318b0b3.html</p><p>2014-09-06 11:53 - 2014-09-06 11:53 - 00123286 _____ () C:\Users\tnguyen\Downloads\PO_20140904135041-AAFES-UAT.xml</p><p>2014-09-05 13:08 - 2014-09-04 11:13 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}</p><p>2014-09-04 14:34 - 2014-09-04 14:34 - 00025042 _____ () C:\Users\tnguyen\Desktop\hs_err_pid16792.log</p><p>2014-09-03 15:38 - 2014-09-03 15:38 - 00000000 ____D () C:\Users\tnguyen\Desktop\virtualcd</p><p>2014-09-03 15:37 - 2014-09-03 15:37 - 00061064 _____ () C:\Users\tnguyen\Downloads\winxpvirtualcdcontrolpanel_21.exe</p><p>2014-08-29 13:01 - 2014-09-14 21:43 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-08-29 12:31 - 2014-08-29 12:31 - 00000000 ____D () C:\ProgramData\InstallMate</p><p></p><p>Some content of 
TEMP:</p><p>====================</p><p>C:\Users\tnguyen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfuusqc.dll</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-08-22 13:10</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="tdnxxx444, post: 267613, member: 28320"] Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01 Ran by tnguyen (administrator) on TNGUYEN-PC on 25-09-2014 13:35:59 Running from C:\Users\tnguyen\Downloads Loaded Profile: tnguyen (Available profiles: tnguyen) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [url]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/url] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe () C:\Windows\SysWOW64\srvany.exe (O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe ([url]http://tortoisesvn.net[/url]) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe ([url]http://tortoisesvn.net[/url]) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Microsoft Corporation) C:\Windows\System32\regsvr32.exe (Dell) C:\Users\tnguyen\AppData\Local\Apps\2.0\9X2C6MG0.M3Z\KVBV3ZRA.CYN\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe (Dropbox, Inc.) C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe () C:\Program Files (x86)\pgAdmin III\1.18\pgadmin3.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ([url]http://www.jimradford.com/[/url]) C:\Program Files (x86)\SuperPutty-1.4.0.4\SuperPutty.exe (Simon Tatham) C:\Program Files (x86)\PuTTY\putty.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.) HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-23] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-280668642-803239663-4213265422-1000\...\Run: [Idsnsoft Update] => regsvr32.exe C:\Users\tnguyen\AppData\Local\Idsnsoft\3cmlink.dll HKU\S-1-5-21-280668642-803239663-4213265422-1000\...\Run: [DellSystemDetect] => C:\Users\tnguyen\AppData\Local\Apps\2.0\9X2C6MG0.M3Z\KVBV3ZRA.CYN\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-11] (Dell) HKU\S-1-5-21-280668642-803239663-4213265422-1000\...\Policies\Explorer: [Run] "C:\Users\tnguyen\AppData\Roaming\Microsoft\Windows\IEUpdate\fc.exe" Startup: C:\Users\tnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url]) ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url]) ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url]) ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url]) ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url]) ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url]) 
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ([url]http://tortoisesvn.net[/url])
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5B9223559A6DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} [url]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url]
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.25.52.201 172.25.52.202
Tcpip\..\Interfaces\{28E5EBFF-C31F-484C-85A2-34C25FAAC254}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\tnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\stbf0g9q.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: System.Security.Cryptography.ToBase64Transform - C:\Users\tnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\stbf0g9q.default\Extensions\{5F2BF72B-E9C5-90C3-7654-13AD06039963} [2014-05-28]
FF Extension: Firebug - C:\Users\tnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\stbf0g9q.default\Extensions\[email]firebug@software.joehewitt.com.xpi[/email] [2014-05-12]

Chrome:
=======
CHR Profile: C:\Users\tnguyen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\tnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-15]
CHR Extension: (Google Wallet) - C:\Users\tnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [5248 2010-01-27] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-25 13:35 - 2014-09-25 13:36 - 00019832 _____ () C:\Users\tnguyen\Downloads\FRST.txt 2014-09-25 13:12 - 2014-09-25 13:12 - 00000114 ____H () C:\Users\tnguyen\Downloads\.~lock.Natural Partners ISD - Sales Feed v1.06 (1).docx# 2014-09-25 11:47 - 2014-09-25 11:47 - 00000000 _____ () C:\Users\tnguyen\Downloads\ark.txt 2014-09-25 10:39 - 2014-09-25 10:39 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (3).exe 2014-09-25 10:16 - 2014-09-25 10:16 - 00954656 _____ () C:\Windows\Minidump\092514-14180-01.dmp 2014-09-25 02:16 - 2014-09-25 02:16 - 00027206 _____ () C:\ComboFix.txt 2014-09-24 22:19 - 2014-09-25 02:16 - 00000000 ____D () C:\Qoobox 2014-09-24 22:19 - 2014-09-25 02:15 - 00000000 ____D () C:\Windows\erdnt 2014-09-24 22:19 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-24 22:19 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-24 22:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-24 22:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-24 22:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-24 22:19 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-24 22:19 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-24 22:19 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-24 20:16 - 2014-09-25 13:35 - 00000000 ____D () C:\Users\tnguyen\Downloads\FRST-OlderVersion 2014-09-24 20:11 - 2014-09-24 20:11 - 00000668 _____ () C:\Users\tnguyen\Downloads\ark.old.txt 2014-09-24 20:11 - 2014-09-24 20:11 - 00000000 ____D () C:\Users\tnguyen\Downloads\tdsskiller 2014-09-24 19:55 - 2014-09-24 19:55 - 00080384 _____ () C:\Windows\system32\izmfodi.dll 2014-09-24 19:55 - 2014-09-24 19:55 - 00003860 _____ () C:\Windows\System32\Tasks\{D7C9FEE3-30DE-810E-6CCC-FEACECB6A9EB} 2014-09-24 19:55 - 2014-09-24 19:55 - 00000000 _____ () C:\Windows\system32\hrnswp.dll 2014-09-24 
19:41 - 2014-09-24 19:41 - 00000000 ____D () C:\found.000 2014-09-24 18:14 - 2014-09-24 18:14 - 00006933 _____ () C:\Users\tnguyen\Downloads\Fixlist_old2.txt 2014-09-24 17:57 - 2014-09-24 18:15 - 00008568 _____ () C:\Users\tnguyen\Desktop\malware steps.txt 2014-09-24 15:30 - 2014-09-24 15:30 - 00021241 _____ () C:\Users\tnguyen\Downloads\natural_partners_production_sql_v7.sql 2014-09-24 15:27 - 2014-09-24 15:27 - 05579290 _____ (Swearware) C:\Users\tnguyen\Downloads\ComboFix (2).exe 2014-09-24 15:23 - 2014-09-24 15:24 - 05579290 _____ (Swearware) C:\Users\tnguyen\Downloads\ComboFix (1).exe 2014-09-24 15:16 - 2014-09-24 15:17 - 05579290 ____R (Swearware) C:\Users\tnguyen\Downloads\ComboFix.exe 2014-09-24 14:16 - 2014-09-24 14:16 - 04161313 _____ () C:\Users\tnguyen\Downloads\tdsskiller.zip 2014-09-24 14:15 - 2014-09-24 14:15 - 00380416 _____ () C:\Users\tnguyen\Downloads\6sr7nx6b.exe 2014-09-24 14:14 - 2014-09-24 14:15 - 00380416 _____ () C:\Users\tnguyen\Downloads\zt02npml.exe 2014-09-23 17:31 - 2014-09-23 17:31 - 00312832 _____ () C:\Users\tnguyen\Downloads\NEX-128201 - SO Charging Return fees for Damaged and Wrong Item shipped should not be charged.msg 2014-09-23 15:36 - 2014-09-23 15:36 - 00031919 _____ () C:\Users\tnguyen\Downloads\Addition.txt 2014-09-23 15:35 - 2014-09-23 15:36 - 00046674 _____ () C:\Users\tnguyen\Downloads\FRST_old2.txt 2014-09-23 10:22 - 2014-09-25 10:16 - 755715319 _____ () C:\Windows\MEMORY.DMP 2014-09-23 10:22 - 2014-09-25 10:16 - 00000000 ____D () C:\Windows\Minidump 2014-09-23 10:22 - 2014-09-23 10:23 - 00930352 _____ () C:\Windows\Minidump\092314-15568-01.dmp 2014-09-19 12:09 - 2014-09-19 12:09 - 00002055 _____ () C:\Users\tnguyen\Downloads\fixlist_old.txt 2014-09-19 11:02 - 2014-09-19 11:03 - 00111443 _____ () C:\Users\tnguyen\Downloads\list.html 2014-09-18 17:23 - 2014-09-18 17:26 - 00030183 _____ () C:\Users\tnguyen\Downloads\Addition_old.txt 2014-09-18 17:20 - 2014-09-25 13:36 - 00000000 ____D () C:\FRST 2014-09-18 17:20 - 
2014-09-19 13:48 - 00020997 _____ () C:\Users\tnguyen\Downloads\FRST_old.txt 2014-09-18 16:54 - 2014-09-25 13:35 - 02108928 _____ (Farbar) C:\Users\tnguyen\Downloads\FRST64.exe 2014-09-18 16:45 - 2014-09-18 16:45 - 00000000 ____D () C:\zoek_backup 2014-09-18 16:44 - 2014-09-18 16:44 - 01290240 _____ () C:\Users\tnguyen\Downloads\zoek.exe 2014-09-18 16:05 - 2014-09-18 16:06 - 00002758 _____ () C:\Users\tnguyen\Desktop\sprint rebate.txt 2014-09-18 15:20 - 2014-09-25 13:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-18 15:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-18 15:19 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-18 15:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-18 11:02 - 2014-09-18 11:03 - 00013474 _____ () C:\Users\tnguyen\Downloads\Miami.xlsx 2014-09-16 23:16 - 2014-09-16 23:16 - 00000524 _____ () C:\Users\tnguyen\Desktop\rita.txt 2014-09-16 20:14 - 2014-09-16 23:04 - 00000216 _____ () C:\Users\tnguyen\Desktop\handytix.txt 2014-09-16 17:52 - 2014-09-16 17:52 - 00321848 _____ (Malwarebytes Corporation) C:\Users\tnguyen\Downloads\mbam-clean-2.1.1.1001.exe 2014-09-16 14:55 - 2014-09-16 14:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\tnguyen\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-16 11:21 - 2014-09-16 11:33 - 00000000 ____D () C:\AdwCleaner 2014-09-16 11:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-09-16 10:52 - 
2014-09-16 10:52 - 00006446 _____ () C:\Users\tnguyen\Downloads\Netconf-batch-file.zip 2014-09-16 10:52 - 2014-09-16 10:52 - 00000000 ____D () C:\Users\tnguyen\Downloads\Netconf-batch-file 2014-09-16 09:49 - 2014-09-24 14:57 - 00088069 _____ () C:\spyhunter.fix 2014-09-16 09:49 - 2010-05-13 18:34 - 00014232 _____ () C:\Windows\SysWOW64\sh4native.exe 2014-09-15 21:36 - 2014-09-15 21:36 - 00003350 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup 2014-09-15 21:36 - 2014-09-15 21:36 - 00002288 _____ () C:\Users\tnguyen\Desktop\SpyHunter.lnk 2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\sh4ldr 2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group 2014-09-15 21:34 - 2014-09-15 21:36 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP 2014-09-15 14:14 - 2014-09-15 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-15 14:10 - 2014-09-15 14:10 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (2).exe 2014-09-15 12:32 - 2014-09-15 12:33 - 00000000 ____D () C:\Users\tnguyen\Downloads\SpyHunter 4.1.11.0 + Crack 2014-09-15 12:32 - 2014-09-15 12:33 - 00000000 ____D () C:\Users\tnguyen\Downloads\PhpStorm 7.1.3 Build #PS-133.982 2014-09-15 12:26 - 2014-09-15 12:26 - 00000000 ____D () C:\fdf030c81114b4942ea70b884feb 2014-09-15 12:25 - 2014-09-15 12:27 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (1).exe 2014-09-15 12:24 - 2014-09-15 12:25 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16.exe 2014-09-15 10:40 - 2014-09-15 10:40 - 00000102 ____H () C:\Users\tnguyen\Downloads\.~lock.Lenox ISD - Sales Feed v1.16.docx# 2014-09-15 10:39 - 2014-09-15 10:39 - 00000000 _____ () C:\autoexec.bat 
2014-09-15 10:31 - 2014-09-15 10:31 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-09-15 10:23 - 2014-09-15 10:23 - 00003460 _____ () C:\Windows\System32\Tasks\Time Trigger Test Task 2014-09-15 10:21 - 2014-09-15 21:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-09-15 10:19 - 2014-09-15 10:19 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\tnguyen\Downloads\SpyHunter-Installer.exe 2014-09-14 21:43 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-14 13:18 - 2014-09-24 19:54 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-09-13 12:35 - 2014-09-13 12:35 - 00000000 ____D () C:\Users\tnguyen\Downloads\innodojo 2014-09-13 12:34 - 2014-09-13 12:34 - 04235548 _____ () C:\Users\tnguyen\Downloads\innodojo.rar 2014-09-09 12:03 - 2014-09-09 12:03 - 03676207 _____ () C:\Users\tnguyen\Downloads\nyenison_deliverables.zip 2014-09-09 12:03 - 2014-09-09 12:03 - 00000000 ____D () C:\Users\tnguyen\Downloads\nyenison_deliverables 2014-09-06 17:54 - 2014-09-06 17:54 - 00000053 _____ () C:\Users\tnguyen\Downloads\googlee0e4a1b1d318b0b3.html 2014-09-06 11:53 - 2014-09-06 11:53 - 00123286 _____ () C:\Users\tnguyen\Downloads\PO_20140904135041-AAFES-UAT.xml 2014-09-04 14:34 - 2014-09-04 14:34 - 00025042 _____ () C:\Users\tnguyen\Desktop\hs_err_pid16792.log 2014-09-04 11:13 - 2014-09-05 13:08 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} 2014-09-03 15:47 - 2001-12-19 11:45 - 00008576 _____ (Microsoft Corporation) C:\Windows\system32\VCdRom.sys 2014-09-03 15:40 - 2001-12-19 11:45 - 00008576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VCdRom.sys 2014-09-03 15:38 - 2014-09-03 15:38 - 00000000 ____D () C:\Users\tnguyen\Desktop\virtualcd 2014-09-03 15:37 - 2014-09-03 15:37 - 00061064 _____ () C:\Users\tnguyen\Downloads\winxpvirtualcdcontrolpanel_21.exe 2014-08-29 12:31 - 2014-08-29 12:31 - 00000000 ____D () C:\ProgramData\InstallMate 
==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-25 13:36 - 2014-09-25 13:35 - 00019832 _____ () C:\Users\tnguyen\Downloads\FRST.txt 2014-09-25 13:36 - 2014-09-18 17:20 - 00000000 ____D () C:\FRST 2014-09-25 13:35 - 2014-09-24 20:16 - 00000000 ____D () C:\Users\tnguyen\Downloads\FRST-OlderVersion 2014-09-25 13:35 - 2014-09-18 16:54 - 02108928 _____ (Farbar) C:\Users\tnguyen\Downloads\FRST64.exe 2014-09-25 13:25 - 2014-05-11 23:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-25 13:21 - 2014-09-18 15:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-25 13:13 - 2014-05-12 10:01 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\Skype 2014-09-25 13:12 - 2014-09-25 13:12 - 00000114 ____H () C:\Users\tnguyen\Downloads\.~lock.Natural Partners ISD - Sales Feed v1.06 (1).docx# 2014-09-25 13:04 - 2014-05-12 10:59 - 00000600 _____ () C:\Users\tnguyen\AppData\Local\PUTTY.RND 2014-09-25 13:02 - 2014-07-13 22:57 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-25 12:48 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-25 12:45 - 2014-05-11 00:00 - 00465369 _____ () C:\Windows\WindowsUpdate.log 2014-09-25 12:43 - 2014-05-12 11:50 - 00000000 ___RD () C:\Users\tnguyen\Dropbox 2014-09-25 12:43 - 2014-05-12 11:49 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\Dropbox 2014-09-25 12:42 - 2014-07-13 22:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-25 12:42 - 2014-05-14 09:45 - 00000000 ____D () C:\Users\tnguyen\AppData\Local\TSVNCache 2014-09-25 12:42 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-25 12:42 - 2009-07-13 23:51 - 00034961 _____ () C:\Windows\setupact.log 2014-09-25 12:41 - 2014-05-12 09:52 - 00000000 ____D () C:\Program Files (x86)\Trillian 2014-09-25 11:47 - 
2014-09-25 11:47 - 00000000 _____ () C:\Users\tnguyen\Downloads\ark.txt 2014-09-25 11:36 - 2014-05-12 10:40 - 00002764 _____ () C:\Users\tnguyen\SuperPutty.settings 2014-09-25 11:36 - 2009-07-13 23:45 - 00019456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-25 11:36 - 2009-07-13 23:45 - 00019456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-25 10:39 - 2014-09-25 10:39 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (3).exe 2014-09-25 10:16 - 2014-09-25 10:16 - 00954656 _____ () C:\Windows\Minidump\092514-14180-01.dmp 2014-09-25 10:16 - 2014-09-23 10:22 - 755715319 _____ () C:\Windows\MEMORY.DMP 2014-09-25 10:16 - 2014-09-23 10:22 - 00000000 ____D () C:\Windows\Minidump 2014-09-25 10:16 - 2010-11-20 22:47 - 05180326 _____ () C:\Windows\PFRO.log 2014-09-25 02:16 - 2014-09-25 02:16 - 00027206 _____ () C:\ComboFix.txt 2014-09-25 02:16 - 2014-09-24 22:19 - 00000000 ____D () C:\Qoobox 2014-09-25 02:16 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default 2014-09-25 02:15 - 2014-09-24 22:19 - 00000000 ____D () C:\Windows\erdnt 2014-09-25 02:15 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-24 21:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-09-24 21:15 - 2014-07-13 22:57 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-24 20:11 - 2014-09-24 20:11 - 00000668 _____ () C:\Users\tnguyen\Downloads\ark.old.txt 2014-09-24 20:11 - 2014-09-24 20:11 - 00000000 ____D () C:\Users\tnguyen\Downloads\tdsskiller 2014-09-24 19:55 - 2014-09-24 19:55 - 00080384 _____ () C:\Windows\system32\izmfodi.dll 2014-09-24 19:55 - 2014-09-24 19:55 - 00003860 _____ () C:\Windows\System32\Tasks\{D7C9FEE3-30DE-810E-6CCC-FEACECB6A9EB} 2014-09-24 19:55 - 2014-09-24 19:55 - 00000000 _____ () C:\Windows\system32\hrnswp.dll 2014-09-24 19:55 - 
2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep 2014-09-24 19:54 - 2014-09-14 13:18 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-09-24 19:41 - 2014-09-24 19:41 - 00000000 ____D () C:\found.000 2014-09-24 18:15 - 2014-09-24 17:57 - 00008568 _____ () C:\Users\tnguyen\Desktop\malware steps.txt 2014-09-24 18:14 - 2014-09-24 18:14 - 00006933 _____ () C:\Users\tnguyen\Downloads\Fixlist_old2.txt 2014-09-24 18:07 - 2014-07-31 20:32 - 00013972 _____ () C:\Users\tnguyen\Desktop\research.txt 2014-09-24 16:14 - 2014-05-13 12:12 - 00173185 _____ () C:\Users\tnguyen\Documents\pgadmin.log 2014-09-24 15:30 - 2014-09-24 15:30 - 00021241 _____ () C:\Users\tnguyen\Downloads\natural_partners_production_sql_v7.sql 2014-09-24 15:27 - 2014-09-24 15:27 - 05579290 _____ (Swearware) C:\Users\tnguyen\Downloads\ComboFix (2).exe 2014-09-24 15:24 - 2014-09-24 15:23 - 05579290 _____ (Swearware) C:\Users\tnguyen\Downloads\ComboFix (1).exe 2014-09-24 15:17 - 2014-09-24 15:16 - 05579290 ____R (Swearware) C:\Users\tnguyen\Downloads\ComboFix.exe 2014-09-24 14:57 - 2014-09-16 09:49 - 00088069 _____ () C:\spyhunter.fix 2014-09-24 14:39 - 2014-05-13 16:16 - 00000600 _____ () C:\Users\tnguyen\AppData\Roaming\winscp.rnd 2014-09-24 14:16 - 2014-09-24 14:16 - 04161313 _____ () C:\Users\tnguyen\Downloads\tdsskiller.zip 2014-09-24 14:15 - 2014-09-24 14:15 - 00380416 _____ () C:\Users\tnguyen\Downloads\6sr7nx6b.exe 2014-09-24 14:15 - 2014-09-24 14:14 - 00380416 _____ () C:\Users\tnguyen\Downloads\zt02npml.exe 2014-09-23 17:31 - 2014-09-23 17:31 - 00312832 _____ () C:\Users\tnguyen\Downloads\NEX-128201 - SO Charging Return fees for Damaged and Wrong Item shipped should not be charged.msg 2014-09-23 17:25 - 2014-05-11 23:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 17:25 - 2014-05-11 23:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 17:25 - 2014-05-11 23:53 - 00003768 
_____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-23 15:36 - 2014-09-23 15:36 - 00031919 _____ () C:\Users\tnguyen\Downloads\Addition.txt 2014-09-23 15:36 - 2014-09-23 15:35 - 00046674 _____ () C:\Users\tnguyen\Downloads\FRST_old2.txt 2014-09-23 10:23 - 2014-09-23 10:22 - 00930352 _____ () C:\Windows\Minidump\092314-15568-01.dmp 2014-09-22 03:38 - 2014-06-25 19:43 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\vlc 2014-09-21 16:43 - 2014-05-12 14:43 - 00000000 ____D () C:\Users\tnguyen\.VirtualBox 2014-09-19 13:48 - 2014-09-18 17:20 - 00020997 _____ () C:\Users\tnguyen\Downloads\FRST_old.txt 2014-09-19 12:09 - 2014-09-19 12:09 - 00002055 _____ () C:\Users\tnguyen\Downloads\fixlist_old.txt 2014-09-19 11:03 - 2014-09-19 11:02 - 00111443 _____ () C:\Users\tnguyen\Downloads\list.html 2014-09-18 22:43 - 2014-05-14 13:35 - 00000000 ____D () C:\Windows\CCBAA1F7E5E148B29ED9A79C6A37CE78.TMP 2014-09-18 17:26 - 2014-09-18 17:23 - 00030183 _____ () C:\Users\tnguyen\Downloads\Addition_old.txt 2014-09-18 16:45 - 2014-09-18 16:45 - 00000000 ____D () C:\zoek_backup 2014-09-18 16:44 - 2014-09-18 16:44 - 01290240 _____ () C:\Users\tnguyen\Downloads\zoek.exe 2014-09-18 16:06 - 2014-09-18 16:05 - 00002758 _____ () C:\Users\tnguyen\Desktop\sprint rebate.txt 2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-18 15:19 - 2014-09-18 15:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-18 13:46 - 2014-05-12 11:50 - 00001025 _____ () C:\Users\tnguyen\Desktop\Dropbox.lnk 2014-09-18 13:46 - 2014-05-12 11:49 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-18 11:03 - 2014-09-18 11:02 - 00013474 _____ () C:\Users\tnguyen\Downloads\Miami.xlsx 2014-09-16 23:16 - 2014-09-16 23:16 - 00000524 _____ () 
C:\Users\tnguyen\Desktop\rita.txt 2014-09-16 23:04 - 2014-09-16 20:14 - 00000216 _____ () C:\Users\tnguyen\Desktop\handytix.txt 2014-09-16 21:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech 2014-09-16 17:52 - 2014-09-16 17:52 - 00321848 _____ (Malwarebytes Corporation) C:\Users\tnguyen\Downloads\mbam-clean-2.1.1.1001.exe 2014-09-16 14:55 - 2014-09-16 14:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\tnguyen\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-16 11:33 - 2014-09-16 11:21 - 00000000 ____D () C:\AdwCleaner 2014-09-16 10:52 - 2014-09-16 10:52 - 00006446 _____ () C:\Users\tnguyen\Downloads\Netconf-batch-file.zip 2014-09-16 10:52 - 2014-09-16 10:52 - 00000000 ____D () C:\Users\tnguyen\Downloads\Netconf-batch-file 2014-09-15 21:36 - 2014-09-15 21:36 - 00003350 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup 2014-09-15 21:36 - 2014-09-15 21:36 - 00002288 _____ () C:\Users\tnguyen\Desktop\SpyHunter.lnk 2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\Users\tnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\sh4ldr 2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group 2014-09-15 21:36 - 2014-09-15 21:34 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP 2014-09-15 21:23 - 2014-09-15 10:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-09-15 14:14 - 2014-09-15 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-15 14:14 - 2014-05-12 10:00 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-15 14:14 - 2014-05-12 10:00 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-15 14:14 - 2014-05-12 10:00 - 00000000 ____D () C:\ProgramData\Skype 2014-09-15 14:10 - 2014-09-15 14:10 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (2).exe 2014-09-15 14:03 - 2014-05-12 12:33 - 
00000000 ____D () C:\Users\tnguyen\AppData\Roaming\BitTorrent 2014-09-15 12:33 - 2014-09-15 12:32 - 00000000 ____D () C:\Users\tnguyen\Downloads\SpyHunter 4.1.11.0 + Crack 2014-09-15 12:33 - 2014-09-15 12:32 - 00000000 ____D () C:\Users\tnguyen\Downloads\PhpStorm 7.1.3 Build #PS-133.982 2014-09-15 12:27 - 2014-09-15 12:25 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16 (1).exe 2014-09-15 12:26 - 2014-09-15 12:26 - 00000000 ____D () C:\fdf030c81114b4942ea70b884feb 2014-09-15 12:25 - 2014-09-15 12:24 - 31766208 _____ (Microsoft Corporation) C:\Users\tnguyen\Downloads\Windows-KB890830-x64-V5.16.exe 2014-09-15 10:40 - 2014-09-15 10:40 - 00000102 ____H () C:\Users\tnguyen\Downloads\.~lock.Lenox ISD - Sales Feed v1.16.docx# 2014-09-15 10:39 - 2014-09-15 10:39 - 00000000 _____ () C:\autoexec.bat 2014-09-15 10:31 - 2014-09-15 10:31 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-09-15 10:24 - 2014-07-13 22:56 - 00000000 ____D () C:\Users\tnguyen\AppData\Local\Google 2014-09-15 10:23 - 2014-09-15 10:23 - 00003460 _____ () C:\Windows\System32\Tasks\Time Trigger Test Task 2014-09-15 10:19 - 2014-09-15 10:19 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\tnguyen\Downloads\SpyHunter-Installer.exe 2014-09-14 20:46 - 2014-05-12 14:33 - 00000000 ____D () C:\Program Files\Sublime Text 2 2014-09-14 20:45 - 2014-08-19 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-14 20:38 - 2014-05-12 14:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-14 16:51 - 2014-05-12 14:43 - 00000000 ____D () C:\Users\tnguyen\.vagrant.d 2014-09-13 12:35 - 2014-09-13 12:35 - 00000000 ____D () C:\Users\tnguyen\Downloads\innodojo 2014-09-13 12:34 - 2014-09-13 12:34 - 04235548 _____ () C:\Users\tnguyen\Downloads\innodojo.rar 2014-09-09 23:23 - 2014-05-11 23:13 - 00000000 ____D () C:\Users\tnguyen\AppData\Local\Deployment 2014-09-09 12:03 - 2014-09-09 12:03 - 03676207 _____ () C:\Users\tnguyen\Downloads\nyenison_deliverables.zip 2014-09-09 12:03 - 2014-09-09 12:03 - 00000000 ____D () C:\Users\tnguyen\Downloads\nyenison_deliverables 2014-09-09 11:48 - 2014-05-13 12:24 - 00000000 ____D () C:\Users\tnguyen\Development 2014-09-06 17:54 - 2014-09-06 17:54 - 00000053 _____ () C:\Users\tnguyen\Downloads\googlee0e4a1b1d318b0b3.html 2014-09-06 11:53 - 2014-09-06 11:53 - 00123286 _____ () C:\Users\tnguyen\Downloads\PO_20140904135041-AAFES-UAT.xml 2014-09-05 13:08 - 2014-09-04 11:13 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} 2014-09-04 14:34 - 2014-09-04 14:34 - 00025042 _____ () C:\Users\tnguyen\Desktop\hs_err_pid16792.log 2014-09-03 15:38 - 2014-09-03 15:38 - 00000000 ____D () C:\Users\tnguyen\Desktop\virtualcd 2014-09-03 15:37 - 2014-09-03 15:37 - 00061064 _____ () C:\Users\tnguyen\Downloads\winxpvirtualcdcontrolpanel_21.exe 2014-08-29 13:01 - 2014-09-14 21:43 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-29 12:31 - 2014-08-29 12:31 - 00000000 ____D () C:\ProgramData\InstallMate Some content of TEMP: ==================== C:\Users\tnguyen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfuusqc.dll 
==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-22 13:10

==================== End Of Log ============================
[/QUOTE]