svchost.exe crashes on startup


This topic is locked
27 replies to this topic

#1 wezel444

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:09 AM

Posted 16 August 2013 - 10:48 PM

svchost.exe crashes on startup

Here's the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:05:54 PM, on 8/16/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)

FIREFOX: 22.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Users\W@Z@L\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\W@Z@L\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\W@Z@L\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\W@Z@L\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe] C:\Users\W@Z@L\AppData\Roaming\Microsoft\Windows\Recent.vbe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\W@Z@L\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\W@Z@L\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\W@Z@L\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [EarthAlerts] C:\Program Files (x86)\Earth Alerts\EarthAlerts.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-607074098-644144689-4247344519-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-607074098-644144689-4247344519-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O4 - Global Startup: RocketDock.lnk = C:\Program Files (x86)\HUD-RED Skin Pack\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: DisplayFusionService - Binary Fortress Software - C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10708 bytes
Edited by hamluis, 17 August 2013 - 04:07 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


#2 wezel444

  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:09 AM

Posted 18 August 2013 - 07:28 AM

Please help, not sure what to do here. BUMP!!



#3 nasdaq


  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:09 AM

Posted 18 August 2013 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
===

HijackThis doesn't handle your version of Windows well. In your case I need to see a final DDS Log.
I suggest you remove HijackThis using the Add/Remove Programs list.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

  1. DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
  2. DDS.pif
  3. DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


#4 wezel444

  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:09 AM

Posted 18 August 2013 - 10:28 AM

TY in advance for your help.

RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : W@Z@L [Admin rights]
Mode : Remove -- Date : 08/18/2013 10:26:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Tri (C:\Users\W@Z@L\AppData\Roaming\kMBVM\insidminer.exe [x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-607074098-644144689-4247344519-1000\[...]\Run : Tri (C:\Users\W@Z@L\AppData\Roaming\kMBVM\insidminer.exe [x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Adobe (C:\Users\W@Z@L\AppData\Roaming\Microsoft\Windows\Recent.vbe [-]) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-607074098-644144689-4247344519-1000Core1ce7f2261e033f0.job : C:\Users\W@Z@L\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD64 00AAKS-65A7B SCSI Disk Device +++++
--- User ---
[MBR] 898ec24aa52f3e02e2134b5c1cb4be1a
[BSP] 1329a9fe6b4187219e8cdc3a263a120c : Windows 7/8 MBR Code


Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo

User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: WDC WD64 00AAKS-65A7B SCSI Disk Device +++++
--- User ---
[MBR] 84548c6d5018fb2e2329188ad84e1ec1
[BSP] d2ff2c7c28304a0ce5e60db24fb95b94 : Windows 7/8 MBR Code

Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD64 00AAKS-65A7B SCSI Disk Device +++++
--- User ---
[MBR] f55ca92baa4f52f6aab8f0d239c89c4e
[BSP] 4e2aa3ef25c1690319543a4189003449 : Windows 7/8 MBR Code

Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo

User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: WDC WD64 00AAKS-65A7B SCSI Disk Device +++++
--- User ---
[MBR] b5731efad8c762f696b23eb5331e44be
[BSP] 25f13bdfe692857adeb332eac1846395 : Windows 7/8 MBR Code

Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238474 Mo

User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: WDC WD64 00AAKS-65A7B SCSI Disk Device +++++
--- User ---
[MBR] 2377b39182564ec3029510acb08eca2a
[BSP] ae4ff1b584033f80470e373d8322eef0 : Windows 7/8 MBR Code

Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_08182013_102630.txt >>
RKreport[0]_S_08182013_102621.txt


DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.21.2
Run by W@Z@L at 10:27:34 on 2013-08-18
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8191.5293 [GMT -5:00]
.
AV: Bitdefender Antivirus *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\W@Z@L\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\msdtc.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\W@Z@L\Desktop\RogueKillerX64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [uTorrent] "C:\Users\W@Z@L\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Facebook Update] "C:\Users\W@Z@L\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [EarthAlerts] C:\Program Files (x86)\Earth Alerts\EarthAlerts.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [NetMeter] C:\Program Files (x86)\HooTech Net Meter\HooNetMeter.exe
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [BitTorrent Sync] "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe"  /MINIMIZED
uRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
StartupFolder: C:\Users\W@Z@L\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\Users\W@Z@L\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ROCKET~1.LNK - C:\Program Files (x86)\HUD-RED Skin Pack\RocketDock\RocketDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WHOISO~1.LNK - C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{2E997EA0-DEF1-44D9-885C-2A46F4DD6AD8} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{C699C377-9786-46AE-AC68-36EC9912F188} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{E30FF437-266F-4EFA-B2A3-733684399C97} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{E30FF437-266F-4EFA-B2A3-733684399C97}\4516D6071687 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{E30FF437-266F-4EFA-B2A3-733684399C97}\7554A554C4434343 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{FEFE7A15-AB37-45EB-9F8D-28095F61ABB8} : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: CThemeResourceChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\W@Z@L\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\W@Z@L\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\W@Z@L\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\W@Z@L\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-02 11:03; jid1-zlXnEvw93j6qAA@jetpack; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid1-zlXnEvw93j6qAA@jetpack.xpi
FF - ExtSQL: 2013-07-03 08:12; {7b1bf0b6-a1b9-42b0-b75d-252036438bdc}; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}
FF - ExtSQL: 2013-07-03 08:17; youtubeunblocker@unblocker.yt; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\youtubeunblocker@unblocker.yt.xpi
FF - ExtSQL: 2013-07-03 08:19; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - ExtSQL: 2013-07-03 08:26; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2013-07-03 08:28; youtube2mp3@mondayx.de; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\youtube2mp3@mondayx.de.xpi
FF - ExtSQL: 2013-07-10 03:15; savedpasswordeditor@daniel.dawson; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\savedpasswordeditor@daniel.dawson.xpi
FF - ExtSQL: 2013-07-10 03:22; elemhidehelper@adblockplus.org; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\elemhidehelper@adblockplus.org.xpi
FF - ExtSQL: 2013-07-19 07:02; fbdislike@doweb.fr; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\fbdislike@doweb.fr.xpi
FF - ExtSQL: 2013-07-19 07:03; jid0-zs24wecdcQo0Lp18D7QOV4WSZFo@jetpack; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid0-zs24wecdcQo0Lp18D7QOV4WSZFo@jetpack.xpi
FF - ExtSQL: 2013-07-19 07:04; jid1-CGrc5dzo0BPqQw@jetpack; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid1-CGrc5dzo0BPqQw@jetpack.xpi
FF - ExtSQL: 2013-07-19 07:05; jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack.xpi
FF - ExtSQL: !HIDDEN! 2013-05-19 12:11; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d41f037d00000000000000158315a310&q=
FF - user.js: extensions.BabylonToolbar.id - d41f037d00000000000000158315a310
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15659
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.812:55:47
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8Ls8IyRH&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - d41f037d00000000000000158315a310
FF - user.js: extensions.incredibar_i.instlDay - 15660
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:19:43
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8Ls8IyRH
FF - user.js: extensions.incredibar_i.upn2n - 92825413182053353
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10674
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2011-12-21 25056]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2013-5-19 155272]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-31 20024]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2013-5-19 1093256]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-5-19 228488]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2013-5-19 166024]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-5-19 3696632]
R2 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2013-1-8 273656]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-5-16 1243024]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-16 14984480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-8-18 7017888]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-16 4308320]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-5-19 367200]
R3 IvtAudioBusSrv;IvtAudioBusSrv;C:\Windows\System32\drivers\IvtBtBus.sys [2012-12-24 27256]
R3 IvtComBusSrv;IvtComBusSrv;C:\Windows\System32\drivers\btcombus.sys [2013-1-5 25720]
R3 IvtPanBusSrv;IvtPanBusSrv;C:\Windows\System32\drivers\btnetBus.sys [2012-12-24 31480]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\drivers\LGSUsbFilt.sys [2013-1-17 44272]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-8-16 39712]
R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-17 15176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTCOM;Bluetooth Serial port driver;C:\Windows\System32\drivers\btcomport.sys [2011-7-27 29576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-16 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-5-20 31800]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2013-5-16 446976]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-5-16 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-16 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
.
=============== Created Last 30 ================
.
2013-08-17 03:25:34    --------    d-----w-    C:\$RECYCLE.BIN
2013-08-17 03:10:27    98816    ----a-w-    C:\Windows\sed.exe
2013-08-17 03:10:27    256000    ----a-w-    C:\Windows\PEV.exe
2013-08-17 03:10:27    208896    ----a-w-    C:\Windows\MBR.exe
2013-08-16 15:19:09    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{295899DF-31CE-41ED-A841-891E34EC4F07}\mpengine.dll
2013-08-16 07:08:02    --------    d-----w-    C:\NvidiaLogging
2013-08-16 07:07:30    39712    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-08-16 07:07:30    29984    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-08-16 07:07:30    28448    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-08-16 07:07:18    --------    d-----w-    C:\Users\W@Z@L\AppData\Local\NVIDIA
2013-08-16 05:01:09    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-16 00:01:29    216064    ----a-w-    C:\Windows\SysWow64\gcapi_dll.dll
2013-08-16 00:01:24    --------    d-----w-    C:\Program Files (x86)\FOXIT SOFTWARE
2013-08-15 08:04:59    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-08-15 06:53:35    --------    d-----w-    C:\Users\W@Z@L\AppData\Local\EMU
2013-08-15 06:46:43    --------    d-----w-    C:\Users\W@Z@L\AppData\Local\PAYDAY 2
2013-08-15 05:01:14    --------    d-----w-    C:\Program Files (x86)\Lazesoft Disk Image & Clone
2013-08-15 05:00:20    --------    d-----w-    C:\Program Files (x86)\Lazesoft Recover My Password
2013-08-15 04:57:35    --------    d-----w-    C:\Program Files (x86)\Lazesoft Windows Recovery
2013-08-15 01:27:14    --------    d-----w-    C:\Program Files (x86)\PAYDAY 2
2013-08-14 11:54:50    --------    d-----w-    C:\Users\W@Z@L\AppData\Roaming\MumboJumbo
2013-08-14 11:33:06    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-08-14 11:33:05    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-08-14 11:33:05    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-08-14 11:33:05    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-08-14 11:33:05    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 11:33:05    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-08-14 11:33:05    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-08-14 11:33:05    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-08-14 11:33:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-08-14 11:33:01    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-08-12 03:49:57    --------    d-----w-    C:\Program Files (x86)\IconLover
2013-08-12 03:12:50    --------    d-----w-    C:\Program Files\NetworkView362
2013-08-11 01:20:11    --------    d-----w-    C:\Users\W@Z@L\AppData\Local\DeskShare Data
2013-08-11 01:04:37    --------    d-----w-    C:\ProgramData\DeskShare
2013-08-11 01:04:33    --------    d-----w-    C:\Users\W@Z@L\AppData\Local\Spoon
2013-08-11 01:04:31    --------    d-----w-    C:\Program Files (x86)\Deskshare
2013-08-10 05:57:39    --------    d-----w-    C:\Windows\System32\MRT
2013-08-09 14:28:40    --------    d-----w-    C:\Program Files (x86)\Zebra-Media
2013-08-09 13:07:07    --------    d-----w-    C:\Users\W@Z@L\AppData\Local\gtk-2.0
2013-08-09 13:07:06    --------    d-----w-    C:\Users\W@Z@L\.thumbnails
2013-08-09 13:05:43    --------    d-----w-    C:\Users\W@Z@L\AppData\Local\gegl-0.2
2013-08-09 13:05:43    --------    d-----w-    C:\Users\W@Z@L\.gimp-2.8
2013-08-09 12:37:20    --------    d-----w-    C:\Program Files\GIMP 2
2013-08-09 06:22:32    --------    d-----w-    C:\Users\W@Z@L\AppData\Roaming\Photobucket
2013-08-09 06:22:26    --------    d-----w-    C:\Program Files (x86)\Photobucket Backup
2013-08-09 02:57:35    --------    d-----w-    C:\ProgramData\Classroom Spy Pro
2013-08-09 02:55:43    --------    d-----w-    C:\Program Files (x86)\Classroom Spy Pro
2013-08-07 18:18:38    --------    d-----w-    C:\Users\W@Z@L\AppData\Roaming\BANDISOFT
2013-08-07 18:17:45    --------    d-----w-    C:\Program Files (x86)\Bandicam
2013-08-07 18:17:44    --------    d-----w-    C:\Program Files (x86)\BandiMPEG1
2013-08-07 01:32:08    --------    d-----w-    C:\Program Files (x86)\Rise of the Triad
2013-08-05 06:15:12    70712    ----a-w-    C:\Windows\System32\bdmpega64.acm
2013-08-05 06:15:10    66104    ----a-w-    C:\Windows\SysWow64\bdmpega.acm
2013-08-05 06:15:08    70200    ----a-w-    C:\Windows\System32\bdmpegv64.dll
2013-08-05 06:15:08    66104    ----a-w-    C:\Windows\SysWow64\bdmpegv.dll
2013-08-05 06:15:06    25640    ----a-w-    C:\Windows\System32\bdmjpeg64.dll
2013-08-05 06:15:06    23080    ----a-w-    C:\Windows\SysWow64\bdmjpeg.dll
2013-08-01 17:09:05    --------    d-----w-    C:\Program Files (x86)\Narco Terror
2013-07-31 18:42:53    --------    d-----w-    C:\Users\W@Z@L\AppData\Roaming\Acoustica
2013-07-31 18:42:41    --------    d-----w-    C:\Program Files (x86)\Acoustica CD Label Maker
2013-07-31 18:23:26    --------    d-----w-    C:\Users\W@Z@L\AppData\Local\MicroVision Applications
2013-07-31 18:23:18    743760    ----a-w-    C:\Windows\SysWow64\msvcp100d.dll
2013-07-31 18:23:18    1505104    ----a-w-    C:\Windows\SysWow64\msvcr100d.dll
2013-07-31 18:22:48    487424    ----a-w-    C:\Windows\SysWow64\msvcp70.dll
2013-07-31 18:22:48    344064    ----a-w-    C:\Windows\SysWow64\msvcr70.dll
2013-07-31 18:22:47    --------    d-----w-    C:\Program Files (x86)\Common Files\SureThing Shared
2013-07-31 18:22:35    --------    d-----w-    C:\Program Files (x86)\SureThing CD Labeler 5
2013-07-31 18:10:13    --------    d-----w-    C:\Users\W@Z@L\AppData\Roaming\Chayowo Games
2013-07-31 16:45:27    --------    d-----w-    C:\Users\W@Z@L\AppData\Roaming\EurekaLog
2013-07-31 13:11:01    --------    d-----w-    C:\ProgramData\LightScribe
2013-07-31 07:21:56    --------    d-----w-    C:\Windows\Legends of the East - The Cobras Eye Collector's Edition
2013-07-31 07:21:55    --------    d-----w-    C:\Program Files (x86)\Legends of the East - The Cobras Eye Collector's Edition
2013-07-30 23:07:02    --------    d-----w-    C:\Program Files (x86)\Microsoft WSE
2013-07-29 19:01:16    --------    d-----w-    C:\Program Files (x86)\Business Card Designer
2013-07-28 09:54:54    --------    d-----w-    C:\Users\W@Z@L\AppData\Local\Boss
2013-07-28 09:44:12    --------    d-----w-    C:\Users\W@Z@L\AppData\Roaming\ITB
2013-07-27 03:28:55    941720    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED02DCDA-FFD0-4D2B-BED7-E6998DEC4240}\gapaengine.dll
2013-07-27 03:25:03    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-07-27 03:25:00    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-07-26 03:53:48    --------    d-----w-    C:\Users\W@Z@L\AppData\Roaming\.mono
2013-07-26 03:42:52    --------    d-----w-    C:\Program Files (x86)\KSP_win
2013-07-25 04:58:03    90112    ----a-w-    C:\Windows\unvise32.exe
2013-07-25 04:56:00    --------    d-----w-    C:\Program Files (x86)\The Logo Creator v5
2013-07-25 04:51:23    --------    d-----w-    C:\Users\W@Z@L\AppData\Roaming\LogoMaker
2013-07-25 04:47:11    --------    d-----w-    C:\Program Files (x86)\Studio V5
2013-07-24 17:22:21    --------    d-----w-    C:\Riot Games
2013-07-24 08:54:30    --------    d-----w-    C:\Program Files (x86)\PingPlotter Pro
2013-07-22 03:02:13    --------    d-----w-    C:\Users\W@Z@L\AppData\Local\Facebook
2013-07-21 21:07:49    --------    d-----w-    C:\ProgramData\Cateia Games
2013-07-21 21:06:33    --------    d-----w-    C:\Program Files (x86)\SmallGames
2013-07-21 21:05:32    --------    d-----w-    C:\Program Files (x86)\Kingdom Tales HD
2013-07-20 23:41:36    --------    d-----w-    C:\Program Files (x86)\Warframe
2013-07-20 23:41:35    --------    d-----w-    C:\Users\W@Z@L\AppData\Local\Warframe
.
==================== Find3M  ====================
.
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-22 18:22:23    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 18:22:23    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-09 06:03:30    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-21 10:23:16    6496544    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16    3514656    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11    884512    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10    2555680    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-06-21 10:23:10    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-06-21 10:16:02    566048    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-06-20 04:17:49    3253909    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-06-19 02:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 02:50:08    139616    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 23:05:42    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-06-10 09:20:13    232904    ----a-w-    C:\Windows\SysWow64\poclbm121016GeForce GTS 450gv1w256l4.bin
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-05-31 08:52:24    20024    ----a-w-    C:\Windows\System32\drivers\iusb3hcs.sys
2013-05-31 08:52:24    1721576    ----a-w-    C:\Windows\System32\WdfCoInstaller01009.dll
2013-05-31 08:52:22    20520    ----a-w-    C:\Windows\System32\drivers\UVCFTR_S.SYS
2013-05-31 08:51:25    953344    ----a-w-    C:\Windows\System32\fdco2.dll
2013-05-31 08:51:25    349416    ----a-w-    C:\Windows\System32\drivers\nvmf6264.sys
2013-05-31 08:51:25    229480    ----a-w-    C:\Windows\System32\nvconrm.dll
2013-05-31 08:38:59    1832224    ----a-w-    C:\Windows\System32\nvdispco6432018.dll
2013-05-31 08:38:59    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6432018.dll
2013-05-31 08:30:00    31520    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-05-31 08:30:00    194848    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-05-31 08:30:00    1510176    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2013-05-22 18:33:46    704512    ----a-w-    C:\Windows\System32\taskmgr.exe
.
============= FINISH: 10:27:50.36 ===============

#5 wezel444
  • Topic Starter
  • Members
  • 17 posts
Posted 18 August 2013 - 10:37 AM

OK, I just got an email, and I should be smarter than this, but I buy and sell a lot of stuff, and before even realizing what it was I clicked on it, then realized it was a .scr file. Can you take a look at it for me? ...OK, I'm not permitted to upload it. What should I do?



#6 nasdaq
  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 August 2013 - 12:53 PM

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===
 

OK, I just got an email, and I should be smarter than this, but I buy and sell a lot of stuff, and before even realizing what it was I clicked on it, then realized it was a .scr file. Can you take a look at it for me?

Let's make sure it's not malware.

In the instructions below, where you see
xxxxxC:\Users\varun\Desktop\AppearOffline.exexxxx

change the path and filename to those of Yourfilename.scr, then submit it to Jotti or VirusTotal.

>>> Run Jotti's malware scan: Please copy this line (in bold):
xxxxxC:\Users\varun\Desktop\AppearOffline.exexxxx
  • Go to Jotti's malware scan and click the Browse button.
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edit" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com

Post the logs and let me know what problem persists.
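How a responder reads the "FF - user.js" lines of the DDS log above and the "Deleted : user_pref(...)" lines AdwCleaner produces for browser-hijack indicators, as an added example that is not part of this thread or of DDS, AdwCleaner or JRT. The sample lines are constructed from the posted logs, and treating the Babylon, Incredibar and Conduit ("CTnnnnnnn.*") pref namespaces as PUP indicators is this example's own assumption.

```python
"""Triage DDS / AdwCleaner browser-pref lines for the hijack indicators seen in this thread.

Added example; not part of DDS, AdwCleaner, JRT or any other tool named in the posts.
The toolbar names and pref prefixes below are taken from the posted logs; treating
them as PUP indicators is this example's own assumption.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Constructed sample: lines in the two formats that appear in the thread
# (DDS "FF - prefs.js/user.js" lines and AdwCleaner "Deleted : user_pref(...)" lines).
SAMPLE_LOG = """\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&q=
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8Ls8IyRH&loc=IB_TB&i=26&search=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
Deleted : user_pref("CT3205406.smartbar.toolbarName", "GamerPubTB ");
Deleted : user_pref("CT3205406.fixUrls", true);
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6R8Ls8IyRH&i=26");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
"""

# DDS format: `FF - <file>: <key> - <value>` (value may be empty).
DDS_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<key>\S+) -\s?(?P<value>.*)$")
# AdwCleaner format: `Deleted : user_pref("<key>", <value>);` -- long values are
# truncated with "[...]" and then have no closing ");", hence the optional tail.
ADW_RE = re.compile(r'^Deleted : user_pref\("(?P<key>[^"]+)",\s*(?P<value>.*?)\)?;?$')

# Pref namespaces written by the toolbars named in the posted logs (assumption).
PUP_KEY_PATTERNS = {
    "Babylon Toolbar": re.compile(r"^extensions\.BabylonToolbar"),
    "Incredibar": re.compile(r"^extensions\.incredibar"),
    "Conduit toolbar": re.compile(r"^CT\d+\."),
}
# Prefs that steer navigation; an external URL in one of them is a hijack indicator.
NAVIGATION_PREFS = {"browser.startup.homepage", "browser.newtab.url",
                    "browser.search.selectedEngine", "browser.search.defaultengine"}
# Logs defang URLs as hxxp://; accept both spellings when pulling out hostnames.
HOST_RE = re.compile(r"h(?:xx|tt)ps?://([^/?\s\"]+)", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    source: str        # "prefs.js", "user.js" or "adwcleaner"
    key: str
    value: str
    severity: str      # "high" or "info"
    reason: str


def parse_pref_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (source, key, value) for a DDS or AdwCleaner pref line, else None."""
    line = line.strip()
    m = DDS_RE.match(line)
    if m:
        return m.group("file"), m.group("key"), m.group("value").strip()
    m = ADW_RE.match(line)
    if m:
        return "adwcleaner", m.group("key"), m.group("value").strip().strip('"')
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply the three rules to every pref line and return the findings in log order."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, 1):
        parsed = parse_pref_line(line)
        if parsed is None:
            continue
        source, key, value = parsed
        toolbar = next((name for name, rx in PUP_KEY_PATTERNS.items() if rx.search(key)), None)
        if toolbar:
            findings.append(Finding(n, source, key, value, "high",
                                    f"pref namespace belongs to {toolbar}"))
        elif key in NAVIGATION_PREFS and HOST_RE.search(value):
            findings.append(Finding(n, source, key, value, "high",
                                    "navigation pref points at an external URL"))
        elif source == "user.js":
            # user.js is re-applied at every Firefox start, so anything in it survives
            # a prefs.js reset; worth a look even when it is not a known toolbar.
            findings.append(Finding(n, source, key, value, "info",
                                    "set via user.js (re-applied on every startup)"))
    return findings


def hijack_hosts(findings: Iterable[Finding]) -> Set[str]:
    """Lower-cased hostnames the flagged prefs would send searches or new tabs to."""
    return {m.group(1).lower() for f in findings for m in HOST_RE.finditer(f.value)}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"[{f.severity:4}] line {f.line_no:2} {f.source:10} {f.key} = {f.value!r}  <- {f.reason}")
    print("hosts:", sorted(hijack_hosts(results)))
```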

#7 wezel444
  • Topic Starter
  • Members
  • 17 posts

Posted 18 August 2013 - 01:14 PM

# AdwCleaner v2.306 - Logfile created 08/18/2013 at 12:59:44
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : W@Z@L - WEZEL
# Boot Mode : Normal
# Running from : C:\Users\W@Z@L\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

JRT.exe gives me an error: C:\Windows\system32\cmd.exe - A device attached to the system is not functioning


***** [Files / Folders] *****

File Deleted : C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\searchplugins\Askcom.xml
File Deleted : C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\searchplugins\Babylon.xml
File Deleted : C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\searchplugins\delta.xml
File Deleted : C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\searchplugins\MyStart Search.xml
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5c6da88e03ded14
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0.1 (en-US)

File : C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\prefs.js

C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\user.js ... Deleted !

Deleted : user_pref("CT3205406.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3205406.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3205406.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3205406.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3205406.FirstTime", "true");
Deleted : user_pref("CT3205406.FirstTimeFF3", "true");
Deleted : user_pref("CT3205406.UserID", "UN59748585515551335");
Deleted : user_pref("CT3205406.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3205406.autoDisableScopes", 0);
Deleted : user_pref("CT3205406.defaultSearch", "false");
Deleted : user_pref("CT3205406.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Deleted : user_pref("CT3205406.enableAlerts", "always");
Deleted : user_pref("CT3205406.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3205406.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3205406.fixPageNotFoundError", "true");
Deleted : user_pref("CT3205406.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3205406.fixUrls", true);
Deleted : user_pref("CT3205406.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT3205406.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT3205406.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3205406.isNewTabEnabled", true);
Deleted : user_pref("CT3205406.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3205406.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3205406.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT3205406.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3205406.openThankYouPage", "false");
Deleted : user_pref("CT3205406.openUninstallPage", "true");
Deleted : user_pref("CT3205406.search.searchAppId", "10000002");
Deleted : user_pref("CT3205406.search.searchCount", "0");
Deleted : user_pref("CT3205406.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3205406.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3205406.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3205406.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3205406.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3205406.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3205406.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3205406.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3205406.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1343919708581");
Deleted : user_pref("CT3205406.serviceLayer_services_appTracking_lastUpdate", "1343919710485");
Deleted : user_pref("CT3205406.serviceLayer_services_appsMetadata_lastUpdate", "1343919708857");
Deleted : user_pref("CT3205406.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1343919708971");
Deleted : user_pref("CT3205406.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345785587122");
Deleted : user_pref("CT3205406.serviceLayer_services_login_10.10.27.6_lastUpdate", "1355057195656");
Deleted : user_pref("CT3205406.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1343919709289");
Deleted : user_pref("CT3205406.serviceLayer_services_searchAPI_lastUpdate", "1343919707666");
Deleted : user_pref("CT3205406.serviceLayer_services_serviceMap_lastUpdate", "1355028215147");
Deleted : user_pref("CT3205406.serviceLayer_services_toolbarContextMenu_lastUpdate", "1343919709182");
Deleted : user_pref("CT3205406.serviceLayer_services_toolbarSettings_lastUpdate", "1355064393448");
Deleted : user_pref("CT3205406.serviceLayer_services_translation_lastUpdate", "1355028216270");
Deleted : user_pref("CT3205406.settingsINI", true);
Deleted : user_pref("CT3205406.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3205406.smartbar.CTID", "CT3205406");
Deleted : user_pref("CT3205406.smartbar.Uninstall", "0");
Deleted : user_pref("CT3205406.smartbar.isHidden", true);
Deleted : user_pref("CT3205406.smartbar.toolbarName", "GamerPubTB ");
Deleted : user_pref("CT3205406.startPage", "userChanged");
Deleted : user_pref("CT3205406.toolbarBornServerTime", "2-8-2012");
Deleted : user_pref("CT3205406.toolbarCurrentServerTime", "9-12-2012");
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6R8Ls8IyRH&i=26");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.50831b5f49f7c.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.510f141671b7c.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=107763");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 14);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "d41f037d00000000000000158315a310");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15659");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 14);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1017:38:27");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 67767637);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1017:38:27");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=14335&tt=4612_4[...]
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.812:55:47");
Deleted : user_pref("extensions.aniweather.timeShifted", 264911);
Deleted : user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
Deleted : user_pref("extensions.ffxtlbr@incredibar.com.install-event-fired", true);
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "US");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10674");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "6D8273A6BF1E270DF73E8F0E4E0C4740");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "d41f037d00000000000000158315a310");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15660");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1414:19:43");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8Ls8IyRH&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6R8Ls8IyRH");
Deleted : user_pref("extensions.incredibar.upn2n", "92825413182053353");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1414:19:43");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10674");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "d41f037d00000000000000158315a310");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15660");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8Ls8IyRH&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8Ls8IyRH");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92825413182053353");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1414:19:43");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.quickstores@quickstores.de.install-event-fired", true);
Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]
Deleted : user_pref("extensions.speeddial.thumbnail-9-url", "hxxps://mail.google.com/mail/u/0/#inbox");
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.DNSCatch", false);
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.FirstLaunchShown", true);
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.LastDate", 24);
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.customNewTab", false);
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.processAddrBar", false);
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.session", "F8F07DAAC0A111E032C666119287BD1673F5[...]
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.tb_lang", "en");
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.user_id", "47774655");
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.disablecuidinject", "1");
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.lastcheck", "Sat%20Sep%2024%202011%2000%3A[...]
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.yahooSearch", false);
Deleted : user_pref("quickstores.toolbar.affid", "2017");
Deleted : user_pref("quickstores.toolbar.guid", "{11A8D502-9444-758C-F1AF-AA37620FCCC3}");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Users\W@Z@L\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17454 octets] - [18/08/2013 12:59:02]
AdwCleaner[S1].txt - [17791 octets] - [18/08/2013 12:59:44]

########## EOF - C:\AdwCleaner[S1].txt - [17852 octets] ##########

Having probs with the permalink

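The AdwCleaner output above is a list of Firefox prefs the tool removed: Conduit (CT3205406), Babylon, Incredibar, FreeCause and QuickStores namespaces, a rewritten new-tab URL and default search engine, and two `extensions.*.scode` entries that hold JavaScript source. As an added example, not code from the thread or from AdwCleaner, the Python below reads prefs.js lines and flags those same three kinds of entry so a profile can be checked before, or instead of, running a cleaner. The namespace list is an assumption built from this one log, and the sample prefs.js is constructed from entries in the log with hxxp restored to http and the truncated scode shortened, plus two benign prefs that must not be flagged.

```python
"""Flag browser-hijack indicators in a Firefox prefs.js (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

PrefValue = Union[str, int, bool]

# One prefs.js entry: user_pref("name", value);  The value is a JS literal:
# a double-quoted string with backslash escapes, an integer, or true/false.
PREF_RE = re.compile(
    r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*("(?:[^"\\]|\\.)*"|-?\d+|true|false)\);'
)

# Prefs that decide where the browser sends the user; hijackers rewrite these.
NAVIGATION_PREFS = {
    "browser.startup.homepage",
    "browser.newtab.url",
    "browser.search.defaultengine",
    "keyword.URL",
}

# Pref namespaces of the toolbars AdwCleaner removed in the log above
# (Conduit "CT<digits>", Babylon, Incredibar, FreeCause, QuickStores).
# Assumption: built from that one log, not a complete signature set.
PUP_NAMESPACE_RE = re.compile(
    r"^(CT\d+\.|extensions\.BabylonToolbar|extensions\.incredibar"
    r"|freecause[0-9a-f]{32}\.|quickstores\.toolbar\.)"
)

# Host of a URL value; also accepts the defanged "hxxp" form cleaners write.
URL_HOST_RE = re.compile(r"^h(?:tt|xx)ps?://([^/?#]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    name: str       # pref name
    category: str   # "navigation", "pup-namespace" or "script-injection"
    detail: str     # host, matched namespace, or start of the injected script


def parse_pref(line: str) -> Optional[Tuple[str, PrefValue]]:
    """Return (name, value) for a user_pref line, or None for comments/other lines."""
    m = PREF_RE.match(line)
    if not m:
        return None
    name, raw = m.group(1), m.group(2)
    if raw.startswith('"'):
        value: PrefValue = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \" and \\ escapes
    elif raw in ("true", "false"):
        value = raw == "true"
    else:
        value = int(raw)
    return re.sub(r"\\(.)", r"\1", name), value


def classify(name: str, value: PrefValue) -> Optional[Finding]:
    """Decide whether one pref is a hijack indicator."""
    if name in NAVIGATION_PREFS:
        host = URL_HOST_RE.match(value) if isinstance(value, str) else None
        # Report the host for URL values, otherwise the literal (e.g. an engine name).
        return Finding(name, "navigation", host.group(1).lower() if host else str(value))
    if name.endswith(".scode") and isinstance(value, str) and "function" in value:
        # An extension storing JavaScript source in a pref, as the *.scode entries did.
        return Finding(name, "script-injection", value[:40])
    ns = PUP_NAMESPACE_RE.match(name)
    if ns:
        return Finding(name, "pup-namespace", ns.group(1))
    return None


def scan_prefs(lines: List[str]) -> List[Finding]:
    """Run classify() over every parseable user_pref line, in file order."""
    findings = []
    for line in lines:
        parsed = parse_pref(line)
        if parsed is None:
            continue
        f = classify(*parsed)
        if f:
            findings.append(f)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample prefs.js (see lead-in): log entries plus two benign prefs.
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1376700000);
user_pref("browser.newtab.url", "http://mystart.incredibar.com/mb128?a=6R8Ls8IyRH&i=26");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("CT3205406.smartbar.CTID", "CT3205406");
user_pref("CT3205406.isEnableAllDialogs", "{\\"dataType\\":\\"string\\",\\"data\\":\\"true\\"}");
user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.50831b5f49f7c.scode", "(function(){try{if('aol.com,mail.google.com')...}catch(e){}})();");
user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.user_id", "47774655");
user_pref("quickstores.toolbar.affid", "2017");
user_pref("network.cookie.cookieBehavior", 1);
'''

if __name__ == "__main__":
    results = scan_prefs(SAMPLE_PREFS_JS.splitlines())
    for f in results:
        print(f"{f.category:17} {f.name} -> {f.detail}")
    print(summarize(results))
```

On the sample the scanner reports nine findings: two navigation prefs, six toolbar-namespace prefs and one script-carrying pref; the two benign prefs are parsed but not flagged. A real profile's prefs.js lives under the Firefox profile directory; run the scanner on a copy with the browser closed, and treat a hit on a navigation pref as a prompt to check which extension set it rather than as proof of infection on its own.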
#8 wezel444

  • Topic Starter
  • Members
  • 17 posts

Posted 18 August 2013 - 01:18 PM

http://virusscan.jotti.org/en/scanresult/fe47f95b4928be089e5538d7ae563a8ce772d286/5cb19ea4b756b91dd9bf8cc1537e0cf330623e44



#9 wezel444

  • Topic Starter
  • Members
  • 17 posts

Posted 18 August 2013 - 05:56 PM

I can't system restore or anything, same error: A device attached to the system is not functioning.

uuug, what did I do?



#10 wezel444

  • Topic Starter
  • Members
  • 17 posts

Posted 18 August 2013 - 11:40 PM

I can't run any programs, same error.



#11 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 August 2013 - 10:08 AM


If you have executed the slip.scr file, you know you have a bad infection.

You have something described here.
http://www.securelist.com/en/descriptions/Trojan-Dropper.Win32.Injector.cwdb

Look at the Removal instructions on the link and execute 1 and 2,
then run Bitdefender if you can.

To finish execute item 5.

===

Before proceeding with the instructions above, you can try this.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

#12 wezel444

  • Topic Starter
  • Members
  • 17 posts

Posted 19 August 2013 - 12:53 PM

I think I may have got it removed, I have all access back, but I'm not 100%.

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/19/2013 12:52:02 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * C:\Windows\System32\UxTheme.dll : 332,288 : 08/19/2013 08:43 AM : 8bf20c54ffb37cfb960f708ffa813fa7 [NoSig]
 +-> C:\Windows\SysWOW64\uxtheme.dll : 245,760 : 07/13/2009 08:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332,288 : 07/13/2009 08:41 PM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245,760 : 07/13/2009 08:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/19/2013 12:52:19 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)

#13 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 August 2013 - 07:08 AM

Let's run these scans.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.

Let me know what problem persists.

#14 wezel444

  • Topic Starter
  • Members
  • 17 posts

Posted 20 August 2013 - 11:45 AM

Good morning


ComboFix 13-08-19.02 - W@Z@L 08/20/2013  11:16:47.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8191.6365 [GMT -5:00]
Running from: c:\users\W@Z@L\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\W@Z@L\AppData\Roaming\vso_ts_preview.xml
.
---- Previous Run -------
.
c:\program files (x86)\HUD-RED Skin Pack\RocketDock\RocketDock.exe
c:\program files (x86)\RocketDock\RocketDock.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-20 to 2013-08-20  )))))))))))))))))))))))))))))))
.
.
2013-08-20 16:25 . 2013-08-20 16:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-20 08:00 . 2013-08-20 08:00    --------    d-----w-    c:\windows\SysWow64\Wat
2013-08-20 08:00 . 2013-08-20 08:00    --------    d-----w-    c:\windows\system32\Wat
2013-08-20 06:25 . 2013-07-02 06:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DA3B47C-909B-405F-9B34-C7CC26674E8F}\mpengine.dll
2013-08-20 02:54 . 2013-08-20 02:54    --------    d-----w-    c:\users\W@Z@L\AppData\Roaming\Wayforward Technologies
2013-08-20 02:53 . 2013-08-20 02:53    --------    d-----w-    c:\program files (x86)\DuckTales Remastered
2013-08-19 18:58 . 2012-08-02 16:21    30752    ----a-w-    c:\windows\system32\drivers\ElRawDsk.sys
2013-08-19 18:58 . 2013-08-20 01:08    --------    d-----w-    c:\programdata\iolo
2013-08-19 18:58 . 2013-08-19 18:58    74703    ----a-w-    c:\windows\SysWow64\mfc45.dat
2013-08-19 18:58 . 2013-08-19 18:58    --------    d-----w-    c:\users\W@Z@L\AppData\Roaming\iolo
2013-08-19 17:49 . 2013-08-19 17:49    --------    d-----w-    c:\program files (x86)\Common Files\Bitdefender
2013-08-19 13:31 . 2013-08-19 13:33    --------    d-----w-    c:\windows\system32\catroot2
2013-08-19 13:20 . 2013-08-19 13:20    --------    d-----w-    c:\windows\SysWow64\wbem\Performance
2013-08-19 13:17 . 2013-08-19 13:24    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2013-08-19 13:08 . 2013-08-19 13:08    --------    d-----w-    c:\program files (x86)\Tweaking.com
2013-08-19 05:20 . 2013-08-19 05:20    --------    d-----w-    c:\program files (x86)\ESET
2013-08-19 04:12 . 2013-08-19 04:12    --------    d-----w-    C:\FRST
2013-08-19 01:32 . 2013-07-02 06:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-16 07:08 . 2013-08-16 07:08    --------    d-----w-    C:\NvidiaLogging
2013-08-16 07:07 . 2013-05-14 19:28    39712    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2013-08-16 07:07 . 2013-05-14 19:27    29984    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2013-08-16 07:07 . 2013-05-14 19:27    28448    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2013-08-16 07:07 . 2013-08-16 07:07    --------    d-----w-    c:\users\W@Z@L\AppData\Local\NVIDIA
2013-08-16 07:05 . 2013-08-19 00:25    --------    d-----w-    c:\users\UpdatusUser
2013-08-16 07:04 . 2013-08-16 07:04    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-08-16 00:01 . 2013-06-10 02:59    216064    ----a-w-    c:\windows\SysWow64\gcapi_dll.dll
2013-08-16 00:01 . 2013-08-16 00:01    --------    d-----w-    c:\program files (x86)\FOXIT SOFTWARE
2013-08-15 08:04 . 2013-07-26 05:13    2241024    ----a-w-    c:\windows\system32\wininet.dll
2013-08-15 08:04 . 2013-07-26 05:12    19239424    ----a-w-    c:\windows\system32\mshtml.dll
2013-08-15 08:04 . 2013-07-26 05:12    15405056    ----a-w-    c:\windows\system32\ieframe.dll
2013-08-15 08:02 . 2013-08-15 08:02    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2013-08-15 06:53 . 2013-08-15 06:53    --------    d-----w-    c:\users\W@Z@L\AppData\Local\EMU
2013-08-15 06:46 . 2013-08-15 06:53    --------    d-----w-    c:\users\W@Z@L\AppData\Local\PAYDAY 2
2013-08-15 05:01 . 2013-08-15 05:01    --------    d-----w-    c:\program files (x86)\Lazesoft Disk Image & Clone
2013-08-15 05:00 . 2013-08-15 05:00    --------    d-----w-    c:\program files (x86)\Lazesoft Recover My Password
2013-08-15 04:57 . 2013-08-15 04:59    --------    d-----w-    c:\program files (x86)\Lazesoft Windows Recovery
2013-08-15 01:27 . 2013-08-20 16:13    --------    d-----w-    c:\program files (x86)\PAYDAY 2
2013-08-14 11:54 . 2013-08-14 11:54    --------    d-----w-    c:\users\W@Z@L\AppData\Roaming\MumboJumbo
2013-08-14 11:33 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 11:33 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 11:33 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 11:33 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 11:33 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-14 11:33 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-14 11:33 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-14 11:33 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-14 11:33 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 11:33 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-12 03:49 . 2013-08-12 03:50    --------    d-----w-    c:\program files (x86)\IconLover
2013-08-12 03:12 . 2013-08-12 03:12    --------    d-----w-    c:\program files\NetworkView362
2013-08-11 01:20 . 2013-08-11 01:20    --------    d-----w-    c:\users\W@Z@L\AppData\Local\DeskShare Data
2013-08-11 01:04 . 2013-08-11 01:04    --------    d-----w-    c:\programdata\DeskShare
2013-08-11 01:04 . 2013-08-11 01:04    --------    d-----w-    c:\users\W@Z@L\AppData\Local\Spoon
2013-08-11 01:04 . 2013-08-11 01:04    --------    d-----w-    c:\program files (x86)\Deskshare
2013-08-10 05:57 . 2013-08-15 08:02    --------    d-----w-    c:\windows\system32\MRT
2013-08-09 14:28 . 2013-08-09 14:28    --------    d-----w-    c:\program files (x86)\Zebra-Media
2013-08-09 13:07 . 2013-08-09 13:07    --------    d-----w-    c:\users\W@Z@L\AppData\Local\gtk-2.0
2013-08-09 13:07 . 2013-08-09 13:07    --------    d-----w-    c:\users\W@Z@L\.thumbnails
2013-08-09 13:05 . 2013-08-09 13:25    --------    d-----w-    c:\users\W@Z@L\.gimp-2.8
2013-08-09 13:05 . 2013-08-09 13:05    --------    d-----w-    c:\users\W@Z@L\AppData\Local\gegl-0.2
2013-08-09 12:37 . 2013-08-09 12:37    --------    d-----w-    c:\program files\GIMP 2
2013-08-09 06:22 . 2013-08-09 06:41    --------    d-----w-    c:\users\W@Z@L\AppData\Roaming\Photobucket
2013-08-09 06:22 . 2013-08-09 06:22    --------    d-----w-    c:\program files (x86)\Photobucket Backup
2013-08-09 02:57 . 2013-08-09 02:57    --------    d-----w-    c:\programdata\Classroom Spy Pro
2013-08-09 02:55 . 2013-08-09 02:55    --------    d-----w-    c:\program files (x86)\Classroom Spy Pro
2013-08-07 18:18 . 2013-08-07 18:18    --------    d-----w-    c:\users\W@Z@L\AppData\Roaming\BANDISOFT
2013-08-07 18:17 . 2013-08-07 18:18    --------    d-----w-    c:\program files (x86)\Bandicam
2013-08-07 18:17 . 2013-08-07 18:17    --------    d-----w-    c:\program files (x86)\BandiMPEG1
2013-08-07 01:32 . 2013-08-07 18:00    --------    d-----w-    c:\program files (x86)\Rise of the Triad
2013-08-05 06:15 . 2013-08-05 06:15    70712    ----a-w-    c:\windows\system32\bdmpega64.acm
2013-08-05 06:15 . 2013-08-05 06:15    66104    ----a-w-    c:\windows\SysWow64\bdmpega.acm
2013-08-05 06:15 . 2013-08-05 06:15    70200    ----a-w-    c:\windows\system32\bdmpegv64.dll
2013-08-05 06:15 . 2013-08-05 06:15    66104    ----a-w-    c:\windows\SysWow64\bdmpegv.dll
2013-08-05 06:15 . 2013-08-05 06:15    25640    ----a-w-    c:\windows\system32\bdmjpeg64.dll
2013-08-05 06:15 . 2013-08-05 06:15    23080    ----a-w-    c:\windows\SysWow64\bdmjpeg.dll
2013-08-01 17:09 . 2013-08-07 18:00    --------    d-----w-    c:\program files (x86)\Narco Terror
2013-07-31 18:42 . 2013-07-31 18:42    --------    d-----w-    c:\users\W@Z@L\AppData\Roaming\Acoustica
2013-07-31 18:42 . 2013-07-31 18:42    --------    d-----w-    c:\program files (x86)\Acoustica CD Label Maker
2013-07-31 18:23 . 2013-07-31 18:29    --------    d-----w-    c:\users\W@Z@L\AppData\Local\MicroVision Applications
2013-07-31 18:23 . 2011-02-20 06:01    743760    ----a-w-    c:\windows\SysWow64\msvcp100d.dll
2013-07-31 18:23 . 2011-02-20 06:01    1505104    ----a-w-    c:\windows\SysWow64\msvcr100d.dll
2013-07-31 18:22 . 2006-09-21 12:42    487424    ----a-w-    c:\windows\SysWow64\msvcp70.dll
2013-07-31 18:22 . 2006-09-21 12:42    344064    ----a-w-    c:\windows\SysWow64\msvcr70.dll
2013-07-31 18:22 . 2013-07-31 18:23    --------    d-----w-    c:\program files (x86)\Common Files\SureThing Shared
2013-07-31 18:22 . 2013-07-31 18:55    --------    d-----w-    c:\program files (x86)\SureThing CD Labeler 5
2013-07-31 18:10 . 2013-07-31 18:10    --------    d-----w-    c:\users\W@Z@L\AppData\Roaming\Chayowo Games
2013-07-31 16:45 . 2013-07-31 16:45    --------    d-----w-    c:\users\W@Z@L\AppData\Roaming\EurekaLog
2013-07-31 13:11 . 2013-07-31 13:11    --------    d-----w-    c:\programdata\LightScribe
2013-07-31 13:05 . 2013-07-31 13:05    --------    d-----w-    c:\program files (x86)\Common Files\LightScribe
2013-07-31 07:21 . 2013-07-31 07:21    --------    d-----w-    c:\windows\Legends of the East - The Cobras Eye Collector's Edition
2013-07-31 07:21 . 2013-07-31 07:23    --------    d-----w-    c:\program files (x86)\Legends of the East - The Cobras Eye Collector's Edition
2013-07-30 23:07 . 2013-07-30 23:07    --------    d-----w-    c:\program files (x86)\Microsoft WSE
2013-07-30 23:03 . 2013-08-07 18:03    --------    d-----w-    c:\program files (x86)\Electronic Arts
2013-07-29 19:01 . 2013-07-29 19:11    --------    d-----w-    c:\program files (x86)\Business Card Designer
2013-07-28 09:54 . 2013-07-28 09:54    --------    d-----w-    c:\users\W@Z@L\AppData\Local\Boss
2013-07-28 09:44 . 2013-07-28 09:54    --------    d-----w-    c:\users\W@Z@L\AppData\Roaming\ITB
2013-07-27 03:28 . 2013-07-27 03:28    941720    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED02DCDA-FFD0-4D2B-BED7-E6998DEC4240}\gapaengine.dll
2013-07-27 03:25 . 2013-07-27 03:25    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-07-27 03:25 . 2013-07-27 03:25    --------    d-----w-    c:\program files\Microsoft Security Client
2013-07-26 03:53 . 2013-07-26 03:53    --------    d-----w-    c:\users\W@Z@L\AppData\Roaming\.mono
2013-07-26 03:42 . 2013-07-26 14:08    --------    d-----w-    c:\program files (x86)\KSP_win
2013-07-25 04:58 . 2004-03-29 21:23    90112    ----a-w-    c:\windows\unvise32.exe
2013-07-25 04:56 . 2013-07-25 11:57    --------    d-----w-    c:\program files (x86)\The Logo Creator v5
2013-07-25 04:51 . 2013-07-25 04:51    --------    d-----w-    c:\users\W@Z@L\AppData\Roaming\LogoMaker
2013-07-25 04:47 . 2013-07-25 04:47    --------    d-----w-    c:\program files (x86)\Studio V5
2013-07-24 17:22 . 2013-07-24 17:22    --------    d-----w-    C:\Riot Games
2013-07-24 08:54 . 2013-07-24 08:54    --------    d-----w-    c:\program files (x86)\PingPlotter Pro
2013-07-23 00:05 . 2013-07-23 00:05    --------    d-----w-    c:\program files (x86)\Borland
2013-07-22 03:02 . 2013-07-22 03:02    --------    d-----w-    c:\users\W@Z@L\AppData\Local\Facebook
2013-07-21 21:07 . 2013-07-21 21:07    --------    d-----w-    c:\programdata\Cateia Games
2013-07-21 21:06 . 2013-07-21 21:06    --------    d-----w-    c:\program files (x86)\SmallGames
2013-07-21 21:05 . 2013-07-21 21:06    --------    d-----w-    c:\program files\Java
2013-07-21 21:05 . 2013-07-21 21:05    --------    d-----w-    c:\program files (x86)\Kingdom Tales HD
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-19 13:43 . 2009-07-13 23:55    332288    ----a-w-    c:\windows\system32\uxtheme.dll
2013-08-19 13:43 . 2010-11-21 03:23    2851840    ----a-w-    c:\windows\system32\themeui.dll
2013-08-19 13:43 . 2009-07-13 23:54    44544    ----a-w-    c:\windows\system32\themeservice.dll
2013-08-15 08:00 . 2013-05-16 20:10    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-07-22 18:22 . 2013-05-16 23:24    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 18:22 . 2013-05-16 23:24    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-14 11:32    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-06-21 12:06 . 2013-05-16 20:09    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2013-05-16 20:09    53024    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2013-02-26 05:32    2597856    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-26 05:32    12427240    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-26 05:32    2936208    ----a-w-    c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-26 05:32    15144928    ----a-w-    c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-02-26 05:32    1059560    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-06-21 12:06 . 2013-02-26 05:32    27781920    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-02-26 05:32    15920536    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-06-21 12:06 . 2013-02-26 05:32    13411896    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 10:23 . 2013-05-16 20:09    6496544    ----a-w-    c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-05-16 20:09    3514656    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-05-16 20:09    884512    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-05-16 20:09    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-05-16 20:09    2555680    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2013-05-16 20:09    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-06-21 10:16 . 2013-06-21 10:16    566048    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-06-20 04:17 . 2013-05-16 20:09    3253909    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-06-19 02:50 . 2013-06-19 02:50    247216    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-06-19 02:50 . 2013-06-19 02:50    139616    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-15 23:05 . 2013-05-16 21:26    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-06-10 16:12 . 2013-06-10 16:12    53248    ----a-r-    c:\users\W@Z@L\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-06-05 03:34 . 2013-07-10 09:14    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 09:14    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 09:14    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-05-31 08:52 . 2013-05-31 08:52    20024    ----a-w-    c:\windows\system32\drivers\iusb3hcs.sys
2013-05-31 08:52 . 2013-05-31 08:52    1721576    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2013-05-31 08:52 . 2013-05-31 08:52    20520    ----a-w-    c:\windows\system32\drivers\UVCFTR_S.SYS
2013-05-31 08:51 . 2013-05-31 08:51    953344    ----a-w-    c:\windows\system32\fdco2.dll
2013-05-31 08:51 . 2013-05-31 08:51    349416    ----a-w-    c:\windows\system32\drivers\nvmf6264.sys
2013-05-31 08:51 . 2013-05-31 08:51    229480    ----a-w-    c:\windows\system32\nvconrm.dll
2013-05-31 08:38 . 2013-05-31 08:38    1832224    ----a-w-    c:\windows\system32\nvdispco6432018.dll
2013-05-31 08:38 . 2013-05-31 08:38    1511712    ----a-w-    c:\windows\system32\nvdispgenco6432018.dll
2013-05-31 08:30 . 2013-05-31 08:30    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-05-31 08:30 . 2013-05-31 08:30    194848    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-05-31 08:30 . 2013-02-18 14:22    1510176    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\W@Z@L\AppData\Roaming\uTorrent\uTorrent.exe" [2013-08-14 888152]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2013-02-11 7203712]
"Facebook Update"="c:\users\W@Z@L\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-23 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"bdruninstaller"="c:\program files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" [2013-04-30 676568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 ALSysIO;ALSysIO;c:\users\W@Z@L\AppData\Local\Temp\ALSysIO64.sys;c:\users\W@Z@L\AppData\Local\Temp\ALSysIO64.sys [x]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys;c:\windows\SYSNATIVE\DRIVERS\btcomport.sys [x]
S3 IvtAudioBusSrv;IvtAudioBusSrv;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
S3 IvtComBusSrv;IvtComBusSrv;c:\windows\system32\Drivers\btcombus.sys;c:\windows\SYSNATIVE\Drivers\btcombus.sys [x]
S3 IvtPanBusSrv;IvtPanBusSrv;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys;c:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v3.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2013-01-16 17:46    454176    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 00:28    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-16 18:22]
.
2013-06-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-607074098-644144689-4247344519-1000Core.job
- c:\users\W@Z@L\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-22 16:56]
.
2013-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-607074098-644144689-4247344519-1000Core1ce87c58d06ef00.job
- c:\users\W@Z@L\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-22 16:56]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-17 00:39]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-17 00:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-11-26 20:47    2732680    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-11-26 20:47    2732680    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-11-26 20:47    2732680    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-02-28 7468784]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "\Program Files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-07-02 11:03; jid1-zlXnEvw93j6qAA@jetpack; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid1-zlXnEvw93j6qAA@jetpack.xpi
FF - ExtSQL: 2013-07-03 08:12; {7b1bf0b6-a1b9-42b0-b75d-252036438bdc}; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}
FF - ExtSQL: 2013-07-03 08:17; youtubeunblocker@unblocker.yt; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\youtubeunblocker@unblocker.yt.xpi
FF - ExtSQL: 2013-07-03 08:19; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - ExtSQL: 2013-07-03 08:26; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2013-07-03 08:28; youtube2mp3@mondayx.de; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\youtube2mp3@mondayx.de.xpi
FF - ExtSQL: 2013-07-10 03:15; savedpasswordeditor@daniel.dawson; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\savedpasswordeditor@daniel.dawson.xpi
FF - ExtSQL: 2013-07-10 03:22; elemhidehelper@adblockplus.org; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\elemhidehelper@adblockplus.org.xpi
FF - ExtSQL: 2013-07-19 07:02; fbdislike@doweb.fr; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\fbdislike@doweb.fr.xpi
FF - ExtSQL: 2013-07-19 07:03; jid0-zs24wecdcQo0Lp18D7QOV4WSZFo@jetpack; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid0-zs24wecdcQo0Lp18D7QOV4WSZFo@jetpack.xpi
FF - ExtSQL: 2013-07-19 07:04; jid1-CGrc5dzo0BPqQw@jetpack; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid1-CGrc5dzo0BPqQw@jetpack.xpi
FF - ExtSQL: 2013-07-19 07:05; jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack.xpi
FF - ExtSQL: 2013-08-19 12:40; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2013-08-19 15:43; YoutubeDownloader@PeterOlayev.com; c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF - ExtSQL: !HIDDEN! 2013-05-19 12:11; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-RGlzaG9ub3JlZA==_is1 - c:\program files (x86)\Dishonored\unins000.exe
AddRemove-WYSIWYG_Web_Builder_8 - c:\windows\iun6002.exe
AddRemove-{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1 - c:\program files (x86)\SureThing CD Labeler 5\unins000.exe
.
.
.
Completion time: 2013-08-20  11:40:28
ComboFix-quarantined-files.txt  2013-08-20 16:40
ComboFix2.txt  2013-08-17 03:46
.
Pre-Run: 52,333,760,512 bytes free
Post-Run: 52,154,368,000 bytes free
.
- - End Of File - - D3244983D28775381F83C81B9E5C5229
A36C5E4F47E84449FF07ED3517B43A31
Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Classroom Spy Professional   
 Java 7 Update 21  
 Java SE Development Kit 7 Update 21
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (23.0.1)
 Google Chrome 28.0.1500.72  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
#15 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 August 2013 - 12:32 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 21

Also remove this old version of Flash:
Adobe Flash Player 10

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Open Notepad and copy/paste the text in the quote box below into it:
 
Files::
FF - ExtSQL: 2013-07-02 11:03; jid1-zlXnEvw93j6qAA@jetpack; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid1-zlXnEvw93j6qAA@jetpack.xpi
FF - ExtSQL: 2013-07-19 07:03; jid0-zs24wecdcQo0Lp18D7QOV4WSZFo@jetpack; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid0-zs24wecdcQo0Lp18D7QOV4WSZFo@jetpack.xpi
FF - ExtSQL: 2013-07-19 07:04; jid1-CGrc5dzo0BPqQw@jetpack; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid1-CGrc5dzo0BPqQw@jetpack.xpi
FF - ExtSQL: 2013-07-19 07:05; jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack; C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\nz1qnlxd.default\extensions\jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack.xpi

ClearJavaCache::
Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

Edited by nasdaq, 22 August 2013 - 08:36 AM.