Google redirect to 63.209.69.107


  • This topic is locked
9 replies to this topic

#1 Teufelaffe

Teufelaffe

  • Members
  • 12 posts

Posted 23 November 2012 - 08:30 AM

Started getting Google search results redirect to 63.209.69.107. I can temporarily remove this behavior by removing a "Default plugin" from Chrome. Plugin and redirect return on restart of browser or computer. Also, possibly related as it started at the same time, Windows hangs indefinitely at "Logging off..." when shutting down.

Thank you for your time and attention.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by jarroda at 8:03:02 on 2012-11-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8187.5452 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
X:\Steam\Steam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jarroda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [Steam] "X:\Steam\steam.exe" -silent
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\Users\jarroda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fences.lnk - C:\Program Files (x86)\Stardock\Fences\Fences.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 75.75.76.76
TCP: Interfaces\{AA20AA02-929A-4431-AA87-CE9275A0A27C} : DhcpNameServer = 192.168.1.1 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jarroda\AppData\Roaming\Mozilla\Firefox\Profiles\5nl0bzye.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\jarroda\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\jarroda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\jarroda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\jarroda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\jarroda\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Users\jarroda\AppData\Roaming\RCKR\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 ArcSec;archlp;C:\Windows\system32\drivers\ArcSec.sys --> C:\Windows\system32\drivers\ArcSec.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-11-7 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-11-7 297240]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/11/09 22:36:52];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-8-10 147704]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-11-9 83704]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-11-7 976728]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-18 1153368]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-1 1258856]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\drivers\LEqdUsb.Sys --> C:\Windows\system32\drivers\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\drivers\LHidEqd.Sys --> C:\Windows\system32\drivers\LHidEqd.Sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-9-20 30785672]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\drivers\ssadbus.sys --> C:\Windows\system32\drivers\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\drivers\ssadserd.sys --> C:\Windows\system32\drivers\ssadserd.sys [?]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\Windows\system32\drivers\sscebus.sys --> C:\Windows\system32\drivers\sscebus.sys [?]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);C:\Windows\system32\drivers\ssceserd.sys --> C:\Windows\system32\drivers\ssceserd.sys [?]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-11-9 90640]
S4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-11-9 78352]
S4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-11-9 295440]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;X:\Dragon Age\bin_ship\daupdatersvc.service.exe [2012-6-25 25832]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-20 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-20 136176]
S4 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2009-11-18 355840]
S4 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]
S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-16 115168]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S4 Synergy Server;Synergy Server;C:\Program Files\Synergy\synergys.exe [2011-2-5 1012224]
.
=============== Created Last 30 ================
.
2012-11-22 15:46:03 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9846BC0D-4008-4D11-B6FA-D613E30F0C91}\mpengine.dll
2012-11-21 15:39:51 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-21 15:19:21 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-11-20 18:40:45 -------- d-----w- C:\Users\jarroda\AppData\Roaming\GetRightToGo
2012-11-20 13:04:44 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-19 04:49:56 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2012-11-19 04:48:14 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-19 04:48:13 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-19 04:48:13 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-19 04:48:13 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-19 04:45:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-19 04:45:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-19 04:45:55 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-19 04:45:55 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-19 04:45:53 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-19 04:45:53 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-19 04:45:53 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-19 04:43:59 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-11-16 13:30:43 -------- d-----w- C:\ms
2012-11-15 05:50:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-11-15 05:50:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-11-15 03:18:23 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-15 03:18:07 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-15 03:18:07 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-14 01:46:33 -------- d-----w- C:\Users\jarroda\AppData\Roaming\Warner Bros. Interactive Entertainment
2012-11-14 01:36:56 -------- d-----w- C:\Program Files (x86)\Warner Bros. Interactive Entertainment
2012-11-13 00:51:23 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-11-13 00:51:08 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-13 00:50:58 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-13 00:50:38 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-10 03:36:52 -------- d-----w- C:\MediaServer
2012-11-10 03:36:35 -------- d-----w- C:\ProgramData\PDVD
2012-11-10 03:36:01 -------- d-----w- C:\Users\jarroda\AppData\Local\CyberLink
2012-11-10 03:31:12 -------- d-----w- C:\ProgramData\install_clap
2012-11-10 00:47:56 -------- d-----w- C:\Users\jarroda\AppData\Local\MediaShow
2012-11-10 00:45:16 -------- d-----w- C:\Users\jarroda\AppData\Local\MediaServer
2012-11-09 15:56:03 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-11-09 15:56:02 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-11-06 20:57:58 49152 ----a-r- C:\Windows\System32\HPM1210SMs.dll
2012-11-06 20:57:57 350720 ----a-w- C:\Windows\System32\mvhlewsi.DLL
2012-11-06 20:57:56 1366016 ----a-w- C:\Windows\System32\HPM1210SM.exe
2012-11-04 02:18:47 -------- d-----w- C:\Users\jarroda\AppData\Roaming\RCKR
2012-10-31 19:06:00 -------- dc-h--w- C:\ProgramData\{A9D2D39F-ECFE-4EDC-A4CB-72BE318F2B40}
2012-10-31 18:51:45 -------- d-----w- C:\Users\jarroda\AppData\Local\Ironclad Games
2012-10-31 18:50:08 -------- d-----w- C:\ProgramData\Ironclad Games
2012-10-31 18:48:01 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
2012-10-31 18:33:41 -------- d-----w- C:\Users\jarroda\AppData\Local\GameStop
2012-10-31 18:33:38 -------- d-----w- C:\ProgramData\Gibraltar
2012-10-31 18:33:11 -------- d-----w- C:\ProgramData\GameStop
2012-10-31 18:33:11 -------- d-----w- C:\Program Files (x86)\GameStop App
2012-10-31 18:32:54 -------- dc-h--w- C:\ProgramData\{BB404D86-96D5-49BA-BE2E-955F3901C656}
2012-10-31 18:32:39 -------- d-----w- C:\Users\jarroda\AppData\Local\PackageAware
2012-10-31 14:43:10 -------- d-----w- C:\Users\jarroda\AppData\Local\Stardock_Corporation
2012-10-31 14:42:03 -------- d-----w- C:\Users\jarroda\AppData\Roaming\Stardock
2012-10-31 14:41:50 -------- d-----w- C:\Program Files (x86)\Stardock
.
==================== Find3M ====================
.
2012-11-20 23:34:03 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-11-20 23:33:56 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-11-12 12:58:22 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-12 12:58:22 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-07 21:29:50 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-10-20 16:35:36 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-10-14 04:21:46 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2012-10-11 02:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 02:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 02:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-11 02:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 02:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 02:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 02:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 02:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-08 00:43:36 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-10-05 15:54:04 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-05 15:54:04 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-05 15:54:04 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-29 02:42:04 2177704 ----a-w- C:\Windows\System32\coin92.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 19:09:00 1482088 ----a-w- C:\Windows\System32\nvir3dgenco6420152.dll
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 8:04:06.96 ===============



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,940 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 November 2012 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#3 Teufelaffe

Teufelaffe
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 25 November 2012 - 10:33 AM

ComboFix 12-11-23.02 - jarroda 11/23/2012 15:30:52.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8187.5694 [GMT -5:00]
Running from: c:\users\jarroda\Desktop\Bleeping Computer\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-23 20:39 . 2012-11-23 20:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-23 20:39 . 2012-11-23 20:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-23 20:39 . 2012-11-23 20:39 -------- d-----w- c:\users\Mcx1-TEUFELAFFE\AppData\Local\temp
2012-11-23 20:39 . 2012-11-23 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-23 20:39 . 2012-11-23 20:39 -------- d-----w- c:\users\Temp\AppData\Local\temp
2012-11-22 15:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9846BC0D-4008-4D11-B6FA-D613E30F0C91}\mpengine.dll
2012-11-21 15:39 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-21 15:19 . 2012-11-21 15:19 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-11-20 18:40 . 2012-11-20 23:35 -------- d-----w- c:\users\jarroda\AppData\Roaming\GetRightToGo
2012-11-20 13:04 . 2012-11-20 13:04 -------- d-----w- c:\program files (x86)\ESET
2012-11-19 04:49 . 2012-11-19 04:50 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2012-11-19 04:48 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-19 04:48 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 04:48 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 04:48 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-19 04:45 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 04:45 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 04:45 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-19 04:45 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-19 04:45 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-19 04:45 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-19 04:45 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-19 04:43 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 13:30 . 2012-11-16 13:30 -------- d-----w- C:\ms
2012-11-15 05:50 . 2012-10-08 11:26 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-11-15 05:50 . 2012-10-08 07:50 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-11-15 05:50 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-15 05:50 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-15 03:18 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 03:18 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 03:18 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 01:46 . 2012-11-14 01:46 -------- d-----w- c:\users\jarroda\AppData\Roaming\Warner Bros. Interactive Entertainment
2012-11-14 01:36 . 2012-11-14 01:36 -------- d-----w- c:\program files (x86)\Warner Bros. Interactive Entertainment
2012-11-13 00:51 . 2012-11-13 00:51 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-11-13 00:51 . 2012-11-13 00:51 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-13 00:50 . 2012-11-13 00:50 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-13 00:50 . 2012-11-13 00:50 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-10 03:36 . 2012-11-10 03:36 -------- d-----w- C:\MediaServer
2012-11-10 03:36 . 2012-11-10 04:12 -------- d-----w- c:\programdata\PDVD
2012-11-10 03:36 . 2012-11-10 03:36 -------- d-----w- c:\users\jarroda\AppData\Local\CyberLink
2012-11-10 03:33 . 2012-11-10 03:33 -------- d-----w- c:\program files (x86)\CyberLink
2012-11-10 03:31 . 2012-11-10 04:12 -------- d-----w- c:\programdata\CyberLink
2012-11-10 03:31 . 2012-11-10 03:31 -------- d-----w- c:\programdata\install_clap
2012-11-10 00:47 . 2012-11-10 00:47 -------- d-----w- c:\users\jarroda\AppData\Local\MediaShow
2012-11-10 00:45 . 2012-11-10 00:45 -------- d-----w- c:\users\jarroda\AppData\Local\MediaServer
2012-11-10 00:44 . 2012-11-10 03:40 -------- d-----w- c:\users\jarroda\AppData\Roaming\CyberLink
2012-11-10 00:44 . 2012-11-10 03:36 -------- d-----w- c:\users\Public\CyberLink
2012-11-09 15:56 . 2012-11-09 15:56 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-11-09 15:56 . 2012-11-09 15:56 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-11-06 20:57 . 2010-04-28 15:49 49152 ----a-r- c:\windows\system32\HPM1210SMs.dll
2012-11-06 20:57 . 2010-03-31 16:49 350720 ----a-w- c:\windows\system32\mvhlewsi.DLL
2012-11-06 20:57 . 2010-03-31 16:52 1366016 ----a-w- c:\windows\system32\HPM1210SM.exe
2012-11-04 02:18 . 2012-11-04 02:18 -------- d-----w- c:\users\jarroda\AppData\Roaming\RCKR
2012-10-31 19:06 . 2012-10-31 19:06 -------- dc-h--w- c:\programdata\{A9D2D39F-ECFE-4EDC-A4CB-72BE318F2B40}
2012-10-31 18:51 . 2012-10-31 18:51 -------- d-----w- c:\users\jarroda\AppData\Local\Ironclad Games
2012-10-31 18:50 . 2012-10-31 18:50 -------- d-----w- c:\programdata\Ironclad Games
2012-10-31 18:48 . 2012-10-31 18:48 -------- d-----w- c:\program files (x86)\Common Files\Stardock
2012-10-31 18:33 . 2012-10-31 18:33 -------- d-----w- c:\users\jarroda\AppData\Local\GameStop
2012-10-31 18:33 . 2012-10-31 18:33 -------- d-----w- c:\programdata\Gibraltar
2012-10-31 18:33 . 2012-10-31 18:33 -------- d-----w- c:\program files (x86)\GameStop App
2012-10-31 18:33 . 2012-10-31 18:33 -------- d-----w- c:\programdata\GameStop
2012-10-31 18:32 . 2012-10-31 18:33 -------- dc-h--w- c:\programdata\{BB404D86-96D5-49BA-BE2E-955F3901C656}
2012-10-31 18:32 . 2012-10-31 18:32 -------- d-----w- c:\users\jarroda\AppData\Local\PackageAware
2012-10-31 14:43 . 2012-10-31 14:43 -------- d-----w- c:\users\jarroda\AppData\Local\Stardock_Corporation
2012-10-31 14:42 . 2012-10-31 18:33 -------- d-----w- c:\users\jarroda\AppData\Roaming\Stardock
2012-10-31 14:41 . 2012-10-31 14:41 -------- d-----w- c:\program files (x86)\Stardock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-20 23:34 . 2011-03-24 14:25 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-20 23:33 . 2011-03-24 14:25 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-15 05:46 . 2011-03-28 14:26 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-12 12:58 . 2012-04-05 14:25 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-12 12:58 . 2011-05-13 13:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 21:29 . 2011-08-31 14:54 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-10-20 16:35 . 2012-10-20 16:35 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-14 04:21 . 2011-09-29 21:25 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-10-11 02:23 . 2012-10-11 02:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-11 02:23 . 2012-10-11 02:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 02:23 . 2012-08-23 05:17 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 02:23 . 2012-10-11 02:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 02:23 . 2012-10-11 02:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:23 . 2012-10-11 02:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-11 02:23 . 2012-10-11 02:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-11 02:23 . 2012-10-11 02:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 02:23 . 2012-10-11 02:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-11 02:23 . 2012-10-11 02:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 02:23 . 2012-10-11 02:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 02:22 . 2012-10-11 02:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 02:22 . 2012-10-11 02:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 02:22 . 2011-10-30 08:46 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 02:22 . 2012-10-11 02:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 02:22 . 2012-10-11 02:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:22 . 2012-10-11 02:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 02:22 . 2012-10-11 02:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:22 . 2012-10-11 02:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-08 00:43 . 2011-08-04 23:52 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-10-05 15:54 . 2012-10-05 15:54 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-05 15:54 . 2012-07-14 17:14 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-05 15:54 . 2011-03-25 00:35 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-03 13:04 . 2012-10-20 01:08 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5DA273F-E3A5-4315-BCF4-780C4005DF98}\gapaengine.dll
2012-10-03 13:04 . 2011-08-12 12:40 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-02 19:51 . 2012-02-21 15:41 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-04-08 03:19 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-04-08 03:19 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-12-01 23:26 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-04-08 03:19 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2011-04-08 03:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-01-08 00:48 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-30 00:54 . 2012-10-03 16:25 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 02:42 . 2012-09-29 02:42 2177704 ----a-w- c:\windows\system32\coin92.dll
2012-09-14 19:19 . 2012-10-10 12:35 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 12:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2011-04-27 19:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 19:09 . 2012-09-17 16:54 1482088 ----a-w- c:\windows\system32\nvir3dgenco6420152.dll
2012-08-30 18:03 . 2012-10-10 12:35 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 12:35 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 12:35 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2012-11-12 53896]
"Steam"="x:\steam\steam.exe" [2012-08-05 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
.
c:\users\jarroda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Fences.lnk - c:\program files (x86)\Stardock\Fences\Fences.exe [2012-10-29 4017368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\jarroda\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-07-28 52584]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 71168]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.Sys [2011-04-30 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.Sys [2011-04-30 15128]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-05-20 276584]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-01-03 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-01-03 145384]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2010-12-21 127488]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2010-12-21 129024]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-29 1255736]
R4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-07-25 90640]
R4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-07-25 78352]
R4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-07-25 295440]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;x:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R4 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2009-11-18 355840]
R4 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-12-03 126520]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-11-07 101688]
S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-20 283200]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-11-07 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-11-07 297240]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/11/09 22:36];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-08-10 15:04 147704]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-06-20 83704]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-11-07 976728]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20 22:03]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20 22:03]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2722058409-3077970639-501152743-1001Core.job
- c:\users\jarroda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-23 22:03]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2722058409-3077970639-501152743-1001UA.job
- c:\users\jarroda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-23 22:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2012-10-29 4017368]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2012-10-29 551640]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 75.75.76.76
FF - ProfilePath - c:\users\jarroda\AppData\Roaming\Mozilla\Firefox\Profiles\5nl0bzye.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Guild Wars - x:\guild wars\Gw.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Rage_is1 - x:\rage\unins000.exe
AddRemove-Risen 2 Dark Waters_is1 - x:\risen 2 dark waters\unins000.exe
AddRemove-Steam App 15620 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 20570 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 31740 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 49340 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 620 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 62100 - c:\program files (x86)\Steam\steam.exe
AddRemove-Torchlight II © Runic Games_is1 - x:\torchlight ii\unins000.exe
AddRemove-Vendetta Online_is1 - x:\vendetta online\unins000.exe
AddRemove-{3F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1 - x:\the witcher 2 assassins of kings\unins000.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
AddRemove-RIFT - x:\rift\riftuninstall.exe
AddRemove-SOE-PlanetSide 2 Beta - x:\planetside 2 beta\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3991038650-1593711539-2016530682-1001\Software\SecuROM\License information*]
"datasecu"=hex:7b,ab,b9,55,e8,1f,ed,ba,71,2d,d1,0d,43,78,30,d5,89,db,6d,29,b5,
5a,cc,a2,7d,a2,2a,8b,b4,c1,bf,3e,3c,a8,57,a0,5b,23,cc,34,bd,c4,fc,4f,10,cb,\
"rkeysecu"=hex:d3,a3,c8,cc,da,10,42,5e,62,fd,2b,cf,c6,e9,59,b2
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-23 15:42:26
ComboFix-quarantined-files.txt 2012-11-23 20:42
ComboFix2.txt 2012-10-05 13:02
ComboFix3.txt 2012-10-04 19:42
ComboFix4.txt 2012-10-03 18:57
ComboFix5.txt 2012-11-23 20:28
.
Pre-Run: 130,907,193,344 bytes free
Post-Run: 147,941,195,776 bytes free
.
- - End Of File - - 3343D5DDC6E84D3E3218B25323066D57

# AdwCleaner v2.009 - Logfile created 11/25/2012 at 10:28:25
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : jarroda - FLAUMIG
# Boot Mode : Normal
# Running from : C:\Users\jarroda\Desktop\Bleeping Computer\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\IGearSettings
Key Found : HKLM\Software\Freeze.com
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\jarroda\AppData\Roaming\Mozilla\Firefox\Profiles\5nl0bzye.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\jarroda\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1325 octets] - [25/11/2012 10:28:25]
AdwCleaner[S1].txt - [5658 octets] - [04/10/2012 10:47:12]

########## EOF - C:\AdwCleaner[R1].txt - [1445 octets] ##########

#4 nasdaq

  • Malware Response Team

Posted 25 November 2012 - 04:53 PM

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Can I please see the Security Check log?


Please let me know what problem persists.

#5 Teufelaffe

  • Topic Starter

Posted 25 November 2012 - 08:33 PM

Redirect still present.

# AdwCleaner v2.009 - Logfile created 11/25/2012 at 20:13:09
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : jarroda - FLAUMIG
# Boot Mode : Normal
# Running from : C:\Users\jarroda\Desktop\Bleeping Computer\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKLM\Software\Freeze.com
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\jarroda\AppData\Roaming\Mozilla\Firefox\Profiles\5nl0bzye.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\jarroda\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1514 octets] - [25/11/2012 10:28:25]
AdwCleaner[S1].txt - [5658 octets] - [04/10/2012 10:47:12]
AdwCleaner[S2].txt - [1455 octets] - [25/11/2012 20:13:09]

########## EOF - C:\AdwCleaner[S2].txt - [1515 octets] ##########

#6 nasdaq

  • Malware Response Team

Posted 26 November 2012 - 08:47 AM

I can temporarily remove this behavior by removing a "Default plugin" from Chrome. Plugin and redirect return on restart of browser or computer.

Can you give me the name of this plugin or extension in Chrome?
Post it in your next reply.

===


Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#7 Teufelaffe

  • Topic Starter

Posted 26 November 2012 - 10:25 AM

The extension is listed literally as "Default Extension". Screen shot:
Posted Image

Hitting the trashcan to remove the extension will remove it for the current browser session only.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
Ran by SYSTEM at 26-11-2012 09:27:40
Running from J:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-06-23] (Logitech, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup [4017368 2012-10-29] (Stardock Corporation)
HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2076272 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\jarroda\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\jarroda\...\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup [53896 2012-11-12] (Raptr, Inc)
HKU\jarroda\...\Run: [Steam] "X:\Steam\steam.exe" -silent [x]
HKU\Mcx1-TEUFELAFFE\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Temp\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.76.76
Startup: C:\Users\jarroda\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
4 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-25] (CyberLink Corp.)
4 CyberLink PowerDVD 12 Media Server Monitor Service; "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe" [78352 2012-07-25] (CyberLink)
4 CyberLink PowerDVD 12 Media Server Service; "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" [295440 2012-07-25] (CyberLink)
4 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [355840 2009-11-18] (Marvell)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-11-20] ()
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-11-07] (Trusteer Ltd.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
4 Synergy Server; C:\Program Files\Synergy\synergys.exe [1012224 2011-02-05] ()
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
4 DAUpdaterSvc; C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]

==================== Drivers (Whitelisted) =====================

1 ArcSec; C:\Windows\System32\Drivers\ArcSec.sys [312184 2010-09-21] ()
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2012-10-13] ()
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-10-20] (DT Soft Ltd)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2012-01-04] ()
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
2 ntk_PowerDVD12; \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
1 RapportCerberus_43926; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-11-07] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-11-07] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-11-07] (Trusteer Ltd.)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-20] (Duplex Secure Ltd.)
3 sscdserd; C:\Windows\System32\Drivers\sscdserd.sys [141384 2010-12-20] (MCCI Corporation)
3 ssceserd; C:\Windows\System32\Drivers\ssceserd.sys [129024 2010-12-20] (MCCI Corporation)
2 {73526619-C24F-470B-9BED-53D455FBB5C6}; \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-08-10] (CyberLink Corp.)
3 ALSysIO; \??\C:\Users\jarroda\AppData\Local\Temp\ALSysIO64.sys [x]
1 archlp; C:\Windows\SysWow64\drivers\archlp.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-26 09:27 - 2012-11-26 09:27 - 00000000 ____D C:\FRST
2012-11-25 17:24 - 2012-11-25 17:24 - 00001165 ____A C:\AdwCleaner[S3].txt
2012-11-25 17:13 - 2012-11-25 17:13 - 00001584 ____A C:\AdwCleaner[S2].txt
2012-11-25 07:28 - 2012-11-25 07:28 - 00001514 ____A C:\AdwCleaner[R1].txt
2012-11-23 12:42 - 2012-11-23 12:42 - 00029853 ____A C:\ComboFix.txt
2012-11-21 17:17 - 2012-11-21 17:17 - 00001708 ____A C:\Users\Public\Desktop\Scrivener.lnk
2012-11-21 07:19 - 2012-11-21 07:19 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-11-20 16:45 - 2012-11-20 16:48 - 00000000 ____D C:\Users\jarroda\Documents\Assassin's Creed III
2012-11-20 15:33 - 2012-11-20 15:33 - 00001205 ____A C:\Users\jarroda\Desktop\Uplay.lnk
2012-11-20 10:40 - 2012-11-20 15:35 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\GetRightToGo
2012-11-20 10:31 - 2012-11-20 10:34 - 00000000 ____D C:\Users\jarroda\Downloads\Assassin's Creed 3 Stuff
2012-11-20 07:51 - 2012-11-20 07:51 - 00002120 ____A C:\scu.dat
2012-11-20 05:04 - 2012-11-20 05:04 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-20 05:00 - 2012-11-20 05:00 - 02322184 ____A (ESET) C:\Users\jarroda\Downloads\esetsmartinstaller_enu.exe
2012-11-18 20:49 - 2012-11-18 20:50 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2012-11-18 20:48 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-18 20:48 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-18 20:48 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-18 20:48 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-18 20:45 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-18 20:45 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-18 20:45 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-18 20:45 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-18 20:45 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-18 20:45 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-18 20:45 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-18 20:45 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-18 20:44 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-18 20:44 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-18 20:44 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-18 20:44 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-11-18 20:44 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-11-18 20:44 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-11-18 20:44 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-11-18 20:44 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-11-18 20:44 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-11-18 20:44 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-11-18 20:44 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-11-18 20:44 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-11-18 20:44 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-11-18 20:44 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-11-18 20:44 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-11-18 20:44 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-11-18 20:44 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-11-18 20:44 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-18 20:44 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-11-18 20:43 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-18 20:43 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-18 20:43 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-18 20:43 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-18 20:43 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-18 20:43 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-18 20:43 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-18 20:43 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-18 20:43 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-18 20:43 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-18 20:43 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-18 20:43 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-18 20:43 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-11-18 20:43 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-11-18 20:43 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-17 20:14 - 2012-11-17 20:58 - 00000000 ____D C:\Users\jarroda\Desktop\Lotro Plugins
2012-11-17 15:17 - 2012-11-17 15:20 - 266710395 ____A C:\Users\jarroda\Downloads\SyderArcadeV13WINsetup.zip
2012-11-17 15:17 - 2012-11-17 15:19 - 118021574 ____A C:\Users\jarroda\Downloads\Syder_Arcade_OST.zip
2012-11-16 05:30 - 2012-11-16 05:30 - 00000000 ____D C:\ms
2012-11-16 05:08 - 2012-11-16 05:08 - 00291840 ____A C:\Windows\Minidump\111612-35843-01.dmp
2012-11-14 21:51 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-14 21:51 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-14 21:51 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-14 21:51 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-14 21:51 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-14 21:51 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-14 21:51 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-14 21:51 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-14 21:51 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-14 21:51 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-14 21:51 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-14 21:51 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-14 21:51 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-14 21:51 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-14 21:51 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-14 21:51 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-14 21:51 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-14 21:51 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-14 21:51 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-14 21:51 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-14 21:51 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-14 21:51 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-14 21:51 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-14 21:51 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-14 21:51 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-14 21:51 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-14 21:51 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-14 21:51 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-14 21:50 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-14 21:50 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-14 21:50 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-14 21:50 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-14 19:18 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 19:18 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 19:18 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-13 20:08 - 2012-11-13 20:08 - 00062140 ____A C:\Users\jarroda\Downloads\fbpurity.SVNNINSIX.crx
2012-11-13 17:46 - 2012-11-13 17:46 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\Warner Bros. Interactive Entertainment
2012-11-13 17:36 - 2012-11-13 17:36 - 00000000 ____D C:\Program Files (x86)\Warner Bros. Interactive Entertainment
2012-11-12 05:31 - 2012-11-23 12:27 - 00000083 ____A C:\Users\jarroda\Desktop\lotro mount code.txt
2012-11-09 20:24 - 2012-11-09 20:24 - 00000960 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-11-09 20:22 - 2012-11-09 20:22 - 50472448 ____A C:\Users\jarroda\Downloads\calibre-0.9.5.msi
2012-11-09 19:36 - 2012-11-09 20:12 - 00000000 ____D C:\Users\All Users\PDVD
2012-11-09 19:36 - 2012-11-09 19:36 - 00000000 ____D C:\Users\jarroda\AppData\Local\CyberLink
2012-11-09 19:36 - 2012-11-09 19:36 - 00000000 ____D C:\MediaServer
2012-11-09 19:35 - 2012-11-09 19:35 - 00002192 ____A C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
2012-11-09 19:33 - 2012-11-09 19:33 - 00000000 ____D C:\Program Files (x86)\CyberLink
2012-11-09 19:31 - 2012-11-09 20:12 - 00000000 ____D C:\Users\All Users\CyberLink
2012-11-09 19:31 - 2012-11-09 19:31 - 00000000 ____D C:\Users\All Users\install_clap
2012-11-09 16:47 - 2012-11-09 16:47 - 00000000 ____D C:\Users\jarroda\AppData\Local\MediaShow
2012-11-09 16:46 - 2012-11-09 19:40 - 00000000 ____D C:\Users\jarroda\Documents\CyberLink
2012-11-09 16:45 - 2012-11-09 16:48 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2012-11-09 16:45 - 2012-11-09 16:45 - 00000000 ____D C:\Users\jarroda\AppData\Local\MediaServer
2012-11-09 16:44 - 2012-11-09 19:40 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\CyberLink
2012-11-09 16:44 - 2012-11-09 19:36 - 00000000 ____D C:\Users\Public\CyberLink
2012-11-09 16:36 - 2012-11-09 16:36 - 00958992 ____A (CyberLink) C:\Users\jarroda\Downloads\CyberLink_PowerDVD_Downloader.exe
2012-11-09 16:36 - 2012-11-09 16:36 - 00946664 ____A (CyberLink) C:\Users\jarroda\Downloads\CyberLink_PowerDVD_Downloader_CNET.exe
2012-11-09 16:04 - 2012-11-09 16:04 - 02005614 ____A C:\Users\jarroda\Downloads\BH10LS30_L101%28ew%29.zip
2012-11-09 13:31 - 2012-11-09 13:31 - 00000199 ____A C:\Users\jarroda\Desktop\Dota 2.url
2012-11-07 07:23 - 2012-11-07 07:27 - 38574309 ____A C:\Users\jarroda\Downloads\SkritinVideos.rar
2012-11-07 07:19 - 2012-11-07 07:19 - 03249726 ____A C:\Users\jarroda\Downloads\video_toy.rar
2012-11-06 14:03 - 2012-11-16 05:08 - 949320873 ____A C:\Windows\MEMORY.DMP
2012-11-06 14:03 - 2012-11-06 14:03 - 00291880 ____A C:\Windows\Minidump\110612-41859-01.dmp
2012-11-06 12:58 - 2010-04-28 07:49 - 00212992 ___RA C:\Windows\System32\m1210wia.dll
2012-11-06 12:58 - 2010-04-28 07:49 - 00020480 ___RA (Marvell Semiconductor, Inc.) C:\Windows\System32\Drivers\mvusbews.sys
2012-11-06 12:58 - 2010-04-28 07:49 - 00016384 ___RA C:\Windows\System32\Drivers\HPM1210FAX.sys
2012-11-06 12:58 - 2008-12-22 02:02 - 02219152 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Ltwvc15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00482448 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltkrn15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00445584 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltimgsfx15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00302224 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltimgcor15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00257168 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltefx15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00216208 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltimgefx15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00212112 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltimgclr15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00150672 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltfil15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00117904 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lttwn15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00117904 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Ltimgutl15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00105616 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltpnt15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00068752 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltpdg15u.dll
2012-11-06 12:58 - 2008-12-22 02:02 - 00038032 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltimgopt15u.dll
2012-11-06 12:58 - 2008-12-22 02:01 - 01711248 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltclr15u.dll
2012-11-06 12:58 - 2008-12-22 02:01 - 01035408 ____A (The OpenSSL Project) C:\Windows\SysWOW64\ltcry15u.dll
2012-11-06 12:58 - 2008-12-22 02:01 - 00646288 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Ltdlgfile15u.dll
2012-11-06 12:58 - 2008-12-22 02:01 - 00384144 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lfcmp15u.dll
2012-11-06 12:58 - 2008-12-22 02:01 - 00261264 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDIS15u.dll
2012-11-06 12:58 - 2008-12-22 02:01 - 00232592 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Ltdlgkrn15u.dll
2012-11-06 12:58 - 2008-12-22 02:01 - 00146576 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lftif15u.dll
2012-11-06 12:58 - 2008-12-22 02:01 - 00097424 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lffax15u.dll
2012-11-06 12:58 - 2008-12-22 02:01 - 00064656 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTCON15u.dll
2012-11-06 12:58 - 2008-12-22 02:01 - 00024720 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lfbmp15u.dll
2012-11-06 12:57 - 2010-04-28 07:49 - 00049152 ___RA C:\Windows\System32\HPM1210SMs.dll
2012-11-06 12:57 - 2010-03-31 08:52 - 01366016 ____A C:\Windows\System32\HPM1210SM.exe
2012-11-06 12:57 - 2010-03-31 08:49 - 00350720 ____A C:\Windows\System32\mvhlewsi.DLL
2012-11-03 18:18 - 2012-11-03 18:18 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\RCKR
2012-11-02 06:56 - 2012-11-02 06:57 - 00000000 ____D C:\Users\jarroda\Documents\Spartan
2012-11-01 20:50 - 2012-11-01 20:50 - 00000202 ____A C:\Users\jarroda\Desktop\Age of Empires Online.url
2012-11-01 06:46 - 2012-11-01 06:46 - 00000599 ____A C:\Users\jarroda\Desktop\Bridge Project Demo.lnk
2012-11-01 06:36 - 2012-11-01 06:43 - 170851242 ____A (Chronic Logic LLC ) C:\Users\jarroda\Downloads\bridgeprojectdemo.exe
2012-10-31 11:06 - 2012-10-31 11:06 - 00000000 __HDC C:\Users\All Users\{A9D2D39F-ECFE-4EDC-A4CB-72BE318F2B40}
2012-10-31 11:05 - 2012-10-31 11:05 - 00000764 ____A C:\Users\Public\Desktop\Sins of a Solar Empire - Trinity.lnk
2012-10-31 10:54 - 2012-10-31 11:04 - 1172213085 ____A (Stardock Entertainment, Inc.) C:\Users\jarroda\Downloads\SinsTrinity_setup_1.34.050.exe
2012-10-31 10:51 - 2012-10-31 10:51 - 00000000 ____D C:\Users\jarroda\AppData\Local\Ironclad Games
2012-10-31 10:50 - 2012-10-31 10:50 - 00000000 ____D C:\Users\All Users\Ironclad Games
2012-10-31 10:33 - 2012-10-31 10:33 - 00001053 ____A C:\Users\Public\Desktop\GameStop App.lnk
2012-10-31 10:33 - 2012-10-31 10:33 - 00000000 ____D C:\Users\jarroda\AppData\Local\GameStop
2012-10-31 10:33 - 2012-10-31 10:33 - 00000000 ____D C:\Users\All Users\Gibraltar
2012-10-31 10:33 - 2012-10-31 10:33 - 00000000 ____D C:\Users\All Users\GameStop
2012-10-31 10:33 - 2012-10-31 10:33 - 00000000 ____D C:\Program Files (x86)\GameStop App
2012-10-31 10:32 - 2012-10-31 10:33 - 00000000 __HDC C:\Users\All Users\{BB404D86-96D5-49BA-BE2E-955F3901C656}
2012-10-31 10:32 - 2012-10-31 10:32 - 00000000 ____D C:\Users\jarroda\AppData\Local\PackageAware
2012-10-31 10:30 - 2012-10-31 10:30 - 00139536 ____A (GameStop Corporation) C:\Users\jarroda\Downloads\GameStopApp_setup.exe
2012-10-31 08:05 - 2012-10-31 08:05 - 00342489 ____A C:\Users\jarroda\Downloads\tonicbars-v2.9.1.zip
2012-10-31 06:47 - 2012-10-31 06:47 - 00000000 ____D C:\Users\jarroda\Desktop\Pics
2012-10-31 06:43 - 2012-10-31 06:43 - 00000000 ____D C:\Users\jarroda\AppData\Local\Stardock_Corporation
2012-10-31 06:42 - 2012-10-31 10:33 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\Stardock
2012-10-31 06:42 - 2012-10-31 06:42 - 00002030 ____A C:\Users\jarroda\Desktop\Customize Fences.lnk
2012-10-31 06:41 - 2012-10-31 06:41 - 14162808 ____A C:\Users\jarroda\Downloads\Fences2_setup.exe
2012-10-31 06:41 - 2012-10-31 06:41 - 00000000 ____D C:\Program Files (x86)\Stardock
2012-10-28 09:21 - 2012-10-28 09:24 - 00000000 ____D C:\Users\jarroda\Desktop\2012

==================== One Month Modified Files and Folders =======

2012-11-26 09:27 - 2012-11-26 09:27 - 00000000 ____D C:\FRST
2012-11-26 06:24 - 2012-09-21 01:33 - 01645501 ____A C:\Windows\WindowsUpdate.log
2012-11-26 06:23 - 2012-10-06 18:00 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\uTorrent
2012-11-26 06:20 - 2009-07-13 21:13 - 00797002 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-26 06:17 - 2012-10-06 10:28 - 00007438 ____A C:\Windows\setupact.log
2012-11-26 06:09 - 2011-04-20 06:19 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-26 05:05 - 2012-04-17 06:56 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-11-26 05:05 - 2011-03-26 06:33 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-26 02:43 - 2012-08-23 11:19 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\Raptr
2012-11-25 22:49 - 2009-07-13 20:45 - 00014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-25 22:49 - 2009-07-13 20:45 - 00014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-25 22:42 - 2011-04-20 06:18 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-25 22:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-25 22:13 - 2011-11-30 10:55 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\vlc
2012-11-25 22:04 - 2011-04-14 09:37 - 00000000 ____D C:\Users\jarroda\Calibre Library
2012-11-25 21:47 - 2012-11-25 21:47 - 00000700 ____A C:\Users\Public\Desktop\LEGO Lord Of The Rings.lnk
2012-11-25 17:24 - 2012-11-25 17:24 - 00001165 ____A C:\AdwCleaner[S3].txt
2012-11-25 17:13 - 2012-11-25 17:13 - 00001584 ____A C:\AdwCleaner[S2].txt
2012-11-25 12:09 - 2012-08-11 12:44 - 00000000 ____D C:\Users\jarroda\Documents\The Lord of the Rings Online
2012-11-25 07:28 - 2012-11-25 07:28 - 00001514 ____A C:\AdwCleaner[R1].txt
2012-11-25 07:28 - 2012-10-03 17:47 - 00000000 ____D C:\Users\jarroda\Desktop\Bleeping Computer
2012-11-24 12:28 - 2012-10-06 10:27 - 00011644 ____A C:\Windows\PFRO.log
2012-11-24 07:41 - 2011-03-23 14:03 - 00000000 ____D C:\Users\jarroda\AppData\Local\Apps\2.0
2012-11-23 12:42 - 2012-11-23 12:42 - 00029853 ____A C:\ComboFix.txt
2012-11-23 12:42 - 2012-10-03 10:18 - 00000000 ___AD C:\Qoobox
2012-11-23 12:39 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-11-23 12:27 - 2012-11-12 05:31 - 00000083 ____A C:\Users\jarroda\Desktop\lotro mount code.txt
2012-11-21 17:19 - 2011-06-03 12:39 - 00000000 ____D C:\Program Files (x86)\Scrivener
2012-11-21 17:17 - 2012-11-21 17:17 - 00001708 ____A C:\Users\Public\Desktop\Scrivener.lnk
2012-11-21 07:28 - 2011-03-24 20:12 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-11-21 07:19 - 2012-11-21 07:19 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-11-20 16:48 - 2012-11-20 16:45 - 00000000 ____D C:\Users\jarroda\Documents\Assassin's Creed III
2012-11-20 16:46 - 2012-02-28 17:56 - 00000000 ____D C:\Users\jarroda\AppData\Local\Ubisoft Game Launcher
2012-11-20 15:35 - 2012-11-20 10:40 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\GetRightToGo
2012-11-20 15:34 - 2011-04-07 13:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-20 15:34 - 2011-03-24 06:25 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-11-20 15:33 - 2012-11-20 15:33 - 00001205 ____A C:\Users\jarroda\Desktop\Uplay.lnk
2012-11-20 15:33 - 2011-03-24 06:25 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-11-20 15:32 - 2012-10-13 20:20 - 00107604 ____A C:\Windows\DirectX.log
2012-11-20 12:43 - 2012-08-22 19:47 - 00000000 ____D C:\Program Files (x86)\NCH Software
2012-11-20 12:40 - 2011-04-09 07:25 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\ArcSoft
2012-11-20 12:39 - 2012-10-03 08:25 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-20 12:39 - 2012-10-03 08:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-20 12:39 - 2011-04-09 08:32 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2012-11-20 10:34 - 2012-11-20 10:31 - 00000000 ____D C:\Users\jarroda\Downloads\Assassin's Creed 3 Stuff
2012-11-20 08:21 - 2011-10-11 22:16 - 00000000 ____D C:\Users\jarroda\AppData\Local\2DBoy
2012-11-20 07:51 - 2012-11-20 07:51 - 00002120 ____A C:\scu.dat
2012-11-20 05:04 - 2012-11-20 05:04 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-20 05:00 - 2012-11-20 05:00 - 02322184 ____A (ESET) C:\Users\jarroda\Downloads\esetsmartinstaller_enu.exe
2012-11-19 15:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-19 04:57 - 2011-03-23 13:41 - 00110552 ____A C:\Users\jarroda\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-19 04:55 - 2009-07-13 20:45 - 00414184 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-19 04:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-18 20:50 - 2012-11-18 20:49 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2012-11-18 07:14 - 2012-01-23 07:49 - 00000000 ____D C:\Users\jarroda\AppData\Local\AliensVsPredator
2012-11-18 06:56 - 2011-03-23 13:39 - 00000000 ____D C:\users\jarroda
2012-11-18 00:06 - 2011-03-24 20:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-11-17 20:58 - 2012-11-17 20:14 - 00000000 ____D C:\Users\jarroda\Desktop\Lotro Plugins
2012-11-17 15:20 - 2012-11-17 15:17 - 266710395 ____A C:\Users\jarroda\Downloads\SyderArcadeV13WINsetup.zip
2012-11-17 15:19 - 2012-11-17 15:17 - 118021574 ____A C:\Users\jarroda\Downloads\Syder_Arcade_OST.zip
2012-11-17 14:31 - 2012-06-18 16:51 - 00000000 ____D C:\Users\jarroda\Downloads\GW2 Wallpapers
2012-11-16 05:30 - 2012-11-16 05:30 - 00000000 ____D C:\ms
2012-11-16 05:08 - 2012-11-16 05:08 - 00291840 ____A C:\Windows\Minidump\111612-35843-01.dmp
2012-11-16 05:08 - 2012-11-06 14:03 - 949320873 ____A C:\Windows\MEMORY.DMP
2012-11-16 05:08 - 2011-06-22 06:07 - 00000000 ____D C:\Windows\Minidump
2012-11-14 22:01 - 2011-04-07 07:55 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-14 21:46 - 2011-03-28 06:26 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-14 21:45 - 2009-07-13 18:34 - 00000570 ____A C:\Windows\win.ini
2012-11-13 20:08 - 2012-11-13 20:08 - 00062140 ____A C:\Users\jarroda\Downloads\fbpurity.SVNNINSIX.crx
2012-11-13 17:46 - 2012-11-13 17:46 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\Warner Bros. Interactive Entertainment
2012-11-13 17:36 - 2012-11-13 17:36 - 00000000 ____D C:\Program Files (x86)\Warner Bros. Interactive Entertainment
2012-11-13 04:56 - 2012-08-23 11:19 - 00000000 ____D C:\Program Files (x86)\Raptr
2012-11-12 04:59 - 2011-03-29 06:44 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-12 04:58 - 2012-04-05 06:25 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-12 04:58 - 2011-05-13 05:01 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-09 20:25 - 2011-04-14 09:37 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\calibre
2012-11-09 20:24 - 2012-11-09 20:24 - 00000960 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-11-09 20:24 - 2011-04-14 09:44 - 00000000 ____D C:\Program Files (x86)\Calibre2
2012-11-09 20:22 - 2012-11-09 20:22 - 50472448 ____A C:\Users\jarroda\Downloads\calibre-0.9.5.msi
2012-11-09 20:12 - 2012-11-09 19:36 - 00000000 ____D C:\Users\All Users\PDVD
2012-11-09 20:12 - 2012-11-09 19:31 - 00000000 ____D C:\Users\All Users\CyberLink
2012-11-09 19:40 - 2012-11-09 16:46 - 00000000 ____D C:\Users\jarroda\Documents\CyberLink
2012-11-09 19:40 - 2012-11-09 16:44 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\CyberLink
2012-11-09 19:36 - 2012-11-09 19:36 - 00000000 ____D C:\Users\jarroda\AppData\Local\CyberLink
2012-11-09 19:36 - 2012-11-09 19:36 - 00000000 ____D C:\MediaServer
2012-11-09 19:36 - 2012-11-09 16:44 - 00000000 ____D C:\Users\Public\CyberLink
2012-11-09 19:35 - 2012-11-09 19:35 - 00002192 ____A C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
2012-11-09 19:33 - 2012-11-09 19:33 - 00000000 ____D C:\Program Files (x86)\CyberLink
2012-11-09 19:31 - 2012-11-09 19:31 - 00000000 ____D C:\Users\All Users\install_clap
2012-11-09 16:48 - 2012-11-09 16:45 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2012-11-09 16:47 - 2012-11-09 16:47 - 00000000 ____D C:\Users\jarroda\AppData\Local\MediaShow
2012-11-09 16:45 - 2012-11-09 16:45 - 00000000 ____D C:\Users\jarroda\AppData\Local\MediaServer
2012-11-09 16:36 - 2012-11-09 16:36 - 00958992 ____A (CyberLink) C:\Users\jarroda\Downloads\CyberLink_PowerDVD_Downloader.exe
2012-11-09 16:36 - 2012-11-09 16:36 - 00946664 ____A (CyberLink) C:\Users\jarroda\Downloads\CyberLink_PowerDVD_Downloader_CNET.exe
2012-11-09 16:04 - 2012-11-09 16:04 - 02005614 ____A C:\Users\jarroda\Downloads\BH10LS30_L101%28ew%29.zip
2012-11-09 15:40 - 2012-04-27 11:25 - 00000000 ____D C:\users\Mcx1-TEUFELAFFE
2012-11-09 15:39 - 2012-08-16 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-09 15:39 - 2012-04-18 07:42 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-09 15:39 - 2011-03-26 06:33 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\Notepad++
2012-11-09 15:39 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-11-09 15:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-11-09 13:31 - 2012-11-09 13:31 - 00000199 ____A C:\Users\jarroda\Desktop\Dota 2.url
2012-11-09 07:56 - 2011-03-23 14:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-08 05:30 - 2011-07-27 18:34 - 00000000 ____D C:\Users\jarroda\AppData\Local\Origin
2012-11-08 05:27 - 2011-07-27 18:34 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\Origin
2012-11-08 05:27 - 2011-07-27 18:28 - 00000000 ____D C:\Users\All Users\Origin
2012-11-08 05:25 - 2011-07-27 18:27 - 00000000 ____D C:\Program Files (x86)\Origin
2012-11-07 13:29 - 2011-08-31 06:54 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2012-11-07 07:27 - 2012-11-07 07:23 - 38574309 ____A C:\Users\jarroda\Downloads\SkritinVideos.rar
2012-11-07 07:19 - 2012-11-07 07:19 - 03249726 ____A C:\Users\jarroda\Downloads\video_toy.rar
2012-11-06 14:03 - 2012-11-06 14:03 - 00291880 ____A C:\Windows\Minidump\110612-41859-01.dmp
2012-11-03 18:18 - 2012-11-03 18:18 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\RCKR
2012-11-03 18:18 - 2012-08-23 07:11 - 00000000 ____D C:\Program Files (x86)\RaidCall
2012-11-02 06:57 - 2012-11-02 06:56 - 00000000 ____D C:\Users\jarroda\Documents\Spartan
2012-11-01 20:50 - 2012-11-01 20:50 - 00000202 ____A C:\Users\jarroda\Desktop\Age of Empires Online.url
2012-11-01 06:46 - 2012-11-01 06:46 - 00000599 ____A C:\Users\jarroda\Desktop\Bridge Project Demo.lnk
2012-11-01 06:43 - 2012-11-01 06:36 - 170851242 ____A (Chronic Logic LLC ) C:\Users\jarroda\Downloads\bridgeprojectdemo.exe
2012-10-31 11:06 - 2012-10-31 11:06 - 00000000 __HDC C:\Users\All Users\{A9D2D39F-ECFE-4EDC-A4CB-72BE318F2B40}
2012-10-31 11:05 - 2012-10-31 11:05 - 00000764 ____A C:\Users\Public\Desktop\Sins of a Solar Empire - Trinity.lnk
2012-10-31 11:04 - 2012-10-31 10:54 - 1172213085 ____A (Stardock Entertainment, Inc.) C:\Users\jarroda\Downloads\SinsTrinity_setup_1.34.050.exe
2012-10-31 10:51 - 2012-10-31 10:51 - 00000000 ____D C:\Users\jarroda\AppData\Local\Ironclad Games
2012-10-31 10:50 - 2012-10-31 10:50 - 00000000 ____D C:\Users\All Users\Ironclad Games
2012-10-31 10:33 - 2012-10-31 10:33 - 00001053 ____A C:\Users\Public\Desktop\GameStop App.lnk
2012-10-31 10:33 - 2012-10-31 10:33 - 00000000 ____D C:\Users\jarroda\AppData\Local\GameStop
2012-10-31 10:33 - 2012-10-31 10:33 - 00000000 ____D C:\Users\All Users\Gibraltar
2012-10-31 10:33 - 2012-10-31 10:33 - 00000000 ____D C:\Users\All Users\GameStop
2012-10-31 10:33 - 2012-10-31 10:33 - 00000000 ____D C:\Program Files (x86)\GameStop App
2012-10-31 10:33 - 2012-10-31 10:32 - 00000000 __HDC C:\Users\All Users\{BB404D86-96D5-49BA-BE2E-955F3901C656}
2012-10-31 10:33 - 2012-10-31 06:42 - 00000000 ____D C:\Users\jarroda\AppData\Roaming\Stardock
2012-10-31 10:32 - 2012-10-31 10:32 - 00000000 ____D C:\Users\jarroda\AppData\Local\PackageAware
2012-10-31 10:30 - 2012-10-31 10:30 - 00139536 ____A (GameStop Corporation) C:\Users\jarroda\Downloads\GameStopApp_setup.exe
2012-10-31 10:30 - 2011-04-09 17:19 - 00000000 ____D C:\Users\All Users\Stardock
2012-10-31 08:05 - 2012-10-31 08:05 - 00342489 ____A C:\Users\jarroda\Downloads\tonicbars-v2.9.1.zip
2012-10-31 06:47 - 2012-10-31 06:47 - 00000000 ____D C:\Users\jarroda\Desktop\Pics
2012-10-31 06:43 - 2012-10-31 06:43 - 00000000 ____D C:\Users\jarroda\AppData\Local\Stardock_Corporation
2012-10-31 06:42 - 2012-10-31 06:42 - 00002030 ____A C:\Users\jarroda\Desktop\Customize Fences.lnk
2012-10-31 06:41 - 2012-10-31 06:41 - 14162808 ____A C:\Users\jarroda\Downloads\Fences2_setup.exe
2012-10-31 06:41 - 2012-10-31 06:41 - 00000000 ____D C:\Program Files (x86)\Stardock
2012-10-28 09:24 - 2012-10-28 09:21 - 00000000 ____D C:\Users\jarroda\Desktop\2012

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-18 20:45:17
Restore point made on: 2012-11-18 20:49:46
Restore point made on: 2012-11-19 05:00:09
Restore point made on: 2012-11-20 12:35:50
Restore point made on: 2012-11-20 15:31:08
Restore point made on: 2012-11-20 15:34:16
Restore point made on: 2012-11-22 07:45:36
Restore point made on: 2012-11-26 05:35:33
Restore point made on: 2012-11-26 05:59:38

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8186.58 MB
Available physical RAM: 7345.32 MB
Total Pagefile: 8184.73 MB
Available Pagefile: 7334.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:151.32 GB) NTFS
2 Drive d: (SATA C) (Fixed) (Total:46.56 GB) (Free:17.91 GB) FAT32 ==>[System with boot components (obtained from reading drive)]
3 Drive e: (SATA D) (Fixed) (Total:46.57 GB) (Free:19.96 GB) NTFS
4 Drive f: (SATA E) (Fixed) (Total:60.25 GB) (Free:25.41 GB) NTFS
5 Drive h: (FELLOWSHIP_OF_THE_RING_EXT_PT1) (CDROM) (Total:28.73 GB) (Free:0 GB) UDF
6 Drive i: () (Removable) (Total:3.76 GB) (Free:0.01 GB) NTFS
7 Drive j: () (Removable) (Total:7.6 GB) (Free:2.16 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (Planet X) (Fixed) (Total:931.39 GB) (Free:97.92 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B *
Disk 1 Online 153 GB 0 B
Disk 2 Online 465 GB 6144 KB
Disk 3 Online 3853 MB 0 B
Disk 4 Online 7800 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Reserved 128 MB 17 KB
Partition 2 Primary 931 GB 129 MB

==================================================================================

Disk: 0
Partition 1
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0000000000000000

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Planet X NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 46 GB 31 KB
Partition 0 Extended 106 GB 46 GB
Partition 2 Logical 46 GB 46 GB
Partition 3 Logical 60 GB 93 GB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D SATA C FAT32 Partition 46 GB Healthy

=========================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E SATA D NTFS Partition 46 GB Healthy

=========================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F SATA E NTFS Partition 60 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 465 GB 8032 KB
Partition 1 Logical 465 GB 8064 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3853 MB 0 B

==================================================================================

Disk: 3
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7799 MB 16 KB

==================================================================================

Disk: 4
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J FAT32 Removable 7799 MB Healthy

=========================================================

Last Boot: 2012-11-25 12:37

==================== End Of Log =============================

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,940 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:13 PM

Posted 26 November 2012 - 11:06 AM

The extension should be in one of these folders. Delete it. Restart the computer normally.

C:\Users\User_Name\AppData\Local\Google\Chrome\User Data\Default\Extensions

C:\Users\User_Name\AppData\Local\Google\Chrome\User Data\Default\Default
===

Keep me posted.

#9 Teufelaffe

Teufelaffe
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 26 November 2012 - 11:50 AM

Removed sub-folder from C:\Users\User_Name\AppData\Local\Google\Chrome\User Data\Default\Default and restarted. Redirect appears to be gone, as is "Default Extension."

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,940 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:13 PM

Posted 26 November 2012 - 02:39 PM

Good work.

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner:

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===



