svchost.com pop-up window, programs disabled.


3 replies to this topic

#1 Christopher Begay


Posted 03 December 2013 - 10:45 AM

Once my computer has finished starting up, the desktop is flooded with pop-up windows (10-15) which all ask the same question: "Will you allow the following program from an unknown publisher to make changes to your computer: svchost.com." If I try to access any program on my computer, this window will re-appear and stop the program from running. I have even lost access to my anti-virus software and all security programs on my computer.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.21.2
Run by Chris at 9:30:50 on 2013-12-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.6142.4285 [GMT -5:00]
.
AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Total Defense Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe
C:\Windows\SysWow64\cfgmig32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~1\TOTALD~1\INTERN~1\casc.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3316529&octid=CT3316529&SearchSource=61&CUI=UN40542932783351307&UM=2&UP=SPFBCFFA99-D814-4979-AC33-6AEAD548154B
uProxyOverride = <local>
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uURLSearchHooks: {8c5878d0-6106-423b-aaa8-144c143dbf44} - <orphaned>
uWinlogon: Shell = explorer.exe,C:\Users\Chris\AppData\Roaming\cache.dat
mWinlogon: Userinit = userinit.exe
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Chris\AppData\Roaming\Complitly\Complitly.dll
BHO: Plus-HD-1.3: {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Chris\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Chris\AppData\Local\TopArcadeHits\Toparcadehits.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Search-Results Toolbar: {f34c9277-6577-4dff-b2d7-7d58092f272f} - 
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - 
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
TB: Search-Results Toolbar: {f34c9277-6577-4dff-b2d7-7d58092f272f} - 
uRun: [Wisdom-soft ScreenHunter 6.0 Pro] 0
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [SearchProtect] C:\Users\Chris\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [Yontoo Desktop] "C:\Users\Chris\AppData\Roaming\Yontoo\YontooDesktop.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [taskhost] rundll32 "C:\Users\Chris\AppData\Roaming\Microsoft\Windows\taskhost.dll",_EntryPoint_RunDll32@16
uRun: [Akamai NetSession Interface] "C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe"
uRun: [2320633bbd5b9c41d628d6d2b760a34d] "C:\Users\Chris\AppData\Local\Temp\System32.exe" ..
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [08f4dc96bbb7af09d1a37fe35c75a42f] "C:\Users\Chris\AppData\Local\Temp\explorer.exe" ..
uRun: [39396519fcb83bfbe916d216db0cb897] "C:\Users\Chris\AppData\Local\Temp\rar.exe" ..
uRun: [5cd8f17f4086744065eb0992a09e05a2] "C:\Users\Chris\AppData\Local\Temp\Trojan.exe" ..
uRun: [75f82018084b94aa774710e365e8ad5a] "C:\Users\Chris\AppData\Roaming\ChromeErrorReport.exe" ..
uRun: [88b7da58a3e62f24b08f565445b53900] "C:\Users\Chris\windows.exe" ..
uRun: [8e0cbb43fdf473ab5dd2ea27a6f717d7] "C:\Users\Chris\AppData\Local\Temp\Lhost.exe" ..
uRun: [6028eace21edca779c427d29f5646e96] "C:\Users\Chris\AppData\Local\Temp\Avira.exe" ..
uRun: [tsxmshtkfx] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\tsxmshtkfx.vbs"
uRun: [gfjfuusseo] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\gfjfuusseo.vbs"
uRun: [9975759809ee69cc2d0562054d998149] "C:\Users\Chris\AppData\Local\Temp\skype.exe" ..
uRun: [8515eb34d8f9de5af815466e9715b3e5] "C:\Users\Chris\AppData\Roaming\Trojan.exe" ..
uRun: [a42096b41123f02038373176f78d553d] "C:\Users\Chris\AppData\Local\Temp\Programme.exe" ..
uRun: [ba4c12bee3027d94da5c81db2d196bfd] "C:\Users\Chris\AppData\Local\Temp\svchost.exe" ..
uRun: [d5a38e9b5f206c41f8851bf04a251d26] "C:\Users\Chris\AppData\Local\Temp\chrome.exe" ..
uRun: [93f19dda2412c86ad7520ba4198f39a0] "C:\Users\Chris\AppData\Roaming\explorer.exe" ..
uRun: [55b3825ee39ada2fcddf7c7accbde69e] "C:\Users\Chris\AppData\Local\Temp\Windows.exe" ..
uRun: [603a6badadea29a9eca7c9e6400ea5f3] "C:\Users\Chris\AppData\Roaming\isco.exe" ..
uRun: [cd9e051ed80df1a0c0b000059793bab8] "C:\ProgramData\Trojan.exe" ..
uRun: [3e63a938db09de6e11954fd8f4787926] "C:\Users\Chris\AppData\Local\Temp\flash player11.exe" ..
uRun: [f9be75c5023d5e25b0bbaa6b68899d2b] "C:\Users\Chris\AppData\Local\Temp\firefox.exe" ..
uRun: [bf25ebda9ed415e6c3415d91d576c00c] "C:\Users\Chris\AppData\Local\Temp\Yahoo.exe" ..
uRun: [1823db243d8a00bc4e3d65056e83d2e1] "C:\Users\Chris\AppData\Local\Temp\hala.exe" ..
uRun: [12ba4be530498a67db271b27becb770b] "C:\Users\Chris\AppData\Local\Temp\google chrome.exe" ..
uRun: [2d697d22e0ded1a6c04cb545d5d58e26] "C:\Users\Chris\AppData\Local\Temp\taskgen.exe" ..
uRun: [MicroUpdate] C:\Users\Chris\Documents\MSDCSC\gxTSXhiacT5L\msdcsc.exe
uRun: [HKCU] C:\Users\Chris\AppData\Local\Temp\AKTFDR~1.EXE
uRun: [8c80ffbd51e41630349ef9ea87666f9a] "C:\Users\Chris\AppData\Local\Temp\avg.exe" ..
uRun: [9b3790d0786169b89c2db575118b0801] "C:\Users\Chris\AppData\Local\Temp\uptaetgoogle.exe" ..
uRun: [AdobeART] C:\Users\Chris\AppData\Roaming\AdobeART.exe
uRun: [6dc30988224150809478ca2bf8cd9a7b] "C:\ProgramData\otmix.exe" ..
uRun: [35d1703cd61867afaf567473dc316f87] "C:\Users\Chris\AppData\Local\Temp\svhost.exe" ..
uRun: [cwwczvpknx] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\cwwczvpknx.vbs"
uRun: [npsjstiapm] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\npsjstiapm.vbs"
uRun: [7b4b90d3d0be2a88320e80dc177d8094] "C:\Users\Chris\AppData\Local\Temp\Qm.exe" ..
uRun: [agqosyycln] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\agqosyycln.vbs"
uRun: [bmasduopgo] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\bmasduopgo.vbs"
uRun: [wudrbtoebv] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\wudrbtoebv..vbs"
uRun: [67611c5f64c1fcf443e5277686992ce9] "C:\Users\Chris\AppData\Roaming\JAVA.exe" ..
uRun: [62f00c82a37b33467bb96c0d990a9c47] "C:\ProgramData\xxx.exe" ..
uRun: [2a2a04832a826e930d8d38e40ff1594c] "C:\Users\Chris\avast.exe" ..
uRun: [8eda1783e4170af7d2dd12d6f2c6f6a1] "C:\Users\Chris\AppData\Local\Temp\123.exe" ..
uRun: [539d4d0efb6c5527f7eb2a65f9bc1207] "C:\Users\Chris\AppData\Local\Temp\wn32.exe" ..
uRun: [sdasioqzsu] wscript.exe //B "C:\Users\Chris\AppData\Roaming\sdasioqzsu.vbs"
uRun: [d581707eea2fc69e0b4186a3ab299167] "C:\Users\Chris\AppData\Roaming\husiin.exe" ..
uRun: [ca6ff4fc9d6b2752fedce063008c697a] "C:\Users\Chris\AppData\Local\Temp\explore.exe" ..
uRun: [fe3ae9fb5206cf49d6fc22975e956780] "C:\Users\Chris\AppData\Local\Temp\neww.exe" ..
uRun: [dae31c02cb06222e776b9ccb9207edb1] "C:\Users\Chris\AppData\Roaming\system.exe" ..
uRun: [mhxwktielt] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\mhxwktielt.vbs"
uRun: [jjwvnvrirf] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\jjwvnvrirf.vbs"
uRun: [nxazkfekfd] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\nxazkfekfd.vbs"
uRun: [be5a0f6f89be4e6a3a5710ea405db1f0] "C:\Users\Chris\AppData\Local\Temp\svshostt.exe" ..
uRun: [a08a3e6b90bdbc3312f555e5b7a5b57b] "C:\Users\Chris\AppData\Local\Temp\Explorerr.exe" ..
uRun: [njmlrpsmlz] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\njmlrpsmlz.vbs"
uRun: [cc2e20a4c69851daf0922d32d011ace9] "C:\Users\Chris\AppData\Local\Temp\systtem.exe" ..
uRun: [66a57a4a6e48da28e09699966ed918d2] "C:\ProgramData\internet2.exe" ..
uRun: [f6832a32dae6f58829a4195dbe813c84] "C:\Users\Chris\Google.exe" ..
uRun: [4c202c3f5cd3032cfbfd4b11de33d6ad] "C:\Users\Chris\AppData\Local\Temp\Epsp.exe" ..
uRun: [tuejrqtwzi] "C:\Users\Chris\AppData\Local\Temp\tuejrqtwzi..vbs"
uRun: [ff303586d19cc6ab8beff5cc0f62006f] "C:\Users\Chris\AppData\Roaming\updaut2.exe" ..
uRun: [TUEJRQ~1] "C:\Users\Chris\AppData\Local\Temp\TUEJRQ~1.VBS"
uRun: [5742b294151158b3247c703150fc25bf] "C:\Users\Chris\AppData\Local\Temp\Windos.exe" ..
uRun: [Virus] C:\Users\Chris\AppData\Roaming\hack facebook.exe
uRun: [Servieca.vbs] "C:\Users\Chris\AppData\Local\Temp\Servieca.vbs"
uRun: [qglugfmikx] "C:\Users\Chris\AppData\Local\Temp\qglugfmikx..vbs"
uRun: [QGLUGF~1] "C:\Users\Chris\AppData\Local\Temp\QGLUGF~1.VBS"
uRun: [322a113a0a0b457a5a02ba1f6c64c916] "C:\Users\Chris\AppData\Roaming\winRaR.exe" ..
uRun: [3ce46044351feae73e1db2687986be49] "C:\ProgramData\msn messenger.exe" ..
uRun: [a5187f3603243d484b81c49836b65d36] "C:\Users\Chris\AppData\Local\Temp\DeLL.exe" ..
uRun: [microsofto] "C:\Users\Chris\AppData\Local\Temp\microsofto.exe" ..
uRun: [81c158a2010653b42b6c1a9a749807e1] "C:\Users\Chris\AppData\Local\Temp\refowserv.exe" ..
uRun: [7c19dbad7d9742a06f22744993e7ad5e] "C:\Users\Chris\AppData\Local\Temp\winara.exe" ..
uRun: [192064d106a100ecbbdd643db1379bc9] "C:\Users\Chris\AppData\Local\Temp\daita.exe" ..
uRun: [abc4777d1974c14fce031c2da660af18] "C:\Users\Chris\AppData\Local\Temp\(^_^).exe" ..
uRun: [bd461fa385e167a1593a4344744311fa] "C:\Users\Chris\AppData\Local\Temp\llllllllllllll.exe" ..
uRun: [45ca55fc1756e880072f0dde4455397b] "C:\Users\Chris\AppData\Local\Temp\win32.exe" ..
uRun: [301b5fcf8ce2fab8868e80b6c1f912fe] "C:\Users\Chris\AppData\Local\Temp\System.exe" ..
uRun: [amlxtstftc] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\amlxtstftc.vbs"
uRun: [b26e4af86219a548e07c1e42af04ad7f] "C:\Users\Chris\AppData\Local\Temp\xkibechhjv.exe" ..
uRun: [9adfdffd788da9e05bd39564d5ce09e2] "C:\Users\Chris\AppData\Local\Temp\winds4.exe" ..
uRun: [6f357c447d27f0f26116604e025fb6db] "C:\Users\Chris\AppData\Roaming\iexplorern.exe" ..
uRun: [XuNZNLFXUqalq] C:\Users\Chris\AppData\Roaming\XuNZNLFXUqalq.exe
uRun: [ad76a6098df431046ffdf41b1a2ed40a] "C:\ProgramData\svchost.exe" ..
uRun: [2862c7daef3366c68347d8d41a43ba82] "C:\Users\Chris\AppData\Local\Temp\santana fx mediaplayer dup.exe" ..
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mRun: [kakakrotte] C:\Users\Chris\Documents\BitLord\3D SexVilla2-Everlust-132.001-EN-Setup\Output.exe
mRun: [tsxmshtkfx] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\tsxmshtkfx.vbs"
mRun: [gfjfuusseo] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\gfjfuusseo.vbs"
mRun: [wudrbtoebv] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\wudrbtoebv..vbs"
mRun: [sdasioqzsu] wscript.exe //B "C:\Users\Chris\AppData\Roaming\sdasioqzsu.vbs"
mRun: [2a2a04832a826e930d8d38e40ff1594c] "C:\Users\Chris\avast.exe" ..
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08f4dc96bbb7af09d1a37fe35c75a42f.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\12ba4be530498a67db271b27becb770b.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1823db243d8a00bc4e3d65056e83d2e1.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2320633bbd5b9c41d628d6d2b760a34d.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2862c7daef3366c68347d8d41a43ba82.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2a2a04832a826e930d8d38e40ff1594c.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2d697d22e0ded1a6c04cb545d5d58e26.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\35d1703cd61867afaf567473dc316f87.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\39396519fcb83bfbe916d216db0cb897.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3ce46044351feae73e1db2687986be49.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3e63a938db09de6e11954fd8f4787926.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\45ca55fc1756e880072f0dde4455397b.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4c202c3f5cd3032cfbfd4b11de33d6ad.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\55b3825ee39ada2fcddf7c7accbde69e.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5742b294151158b3247c703150fc25bf.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\603a6badadea29a9eca7c9e6400ea5f3.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\62f00c82a37b33467bb96c0d990a9c47.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\66a57a4a6e48da28e09699966ed918d2.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\67611c5f64c1fcf443e5277686992ce9.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\67768d811366a615bdc984736c23386c.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6dc30988224150809478ca2bf8cd9a7b.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6f357c447d27f0f26116604e025fb6db.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\75f82018084b94aa774710e365e8ad5a.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7c19dbad7d9742a06f22744993e7ad5e.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81c158a2010653b42b6c1a9a749807e1.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8515eb34d8f9de5af815466e9715b3e5.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88b7da58a3e62f24b08f565445b53900.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\93f19dda2412c86ad7520ba4198f39a0.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9975759809ee69cc2d0562054d998149.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9adfdffd788da9e05bd39564d5ce09e2.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9b3790d0786169b89c2db575118b0801.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a08a3e6b90bdbc3312f555e5b7a5b57b.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ad76a6098df431046ffdf41b1a2ed40a.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\agqosyycln.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\amlxtstftc.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bd461fa385e167a1593a4344744311fa.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\be5a0f6f89be4e6a3a5710ea405db1f0.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bf25ebda9ed415e6c3415d91d576c00c.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bmasduopgo.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cc2e20a4c69851daf0922d32d011ace9.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwwczvpknx.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d581707eea2fc69e0b4186a3ab299167.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d5a38e9b5f206c41f8851bf04a251d26.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dae31c02cb06222e776b9ccb9207edb1.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f6832a32dae6f58829a4195dbe813c84.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f9be75c5023d5e25b0bbaa6b68899d2b.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fe3ae9fb5206cf49d6fc22975e956780.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ff303586d19cc6ab8beff5cc0f62006f.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gfjfuusseo.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jjwvnvrirf.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\maram023.scr
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhxwktielt.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\microsofto.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\njmlrpsmlz.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\npsjstiapm.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxazkfekfd.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qglugfmikx..vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QGLUGF~1.VBS
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sdasioqzsu.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Servieca.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsxmshtkfx.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuejrqtwzi..vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TUEJRQ~1.VBS
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virus.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wudrbtoebv..vbs
uPolicies-Explorer: NoFileMenu = dword:1
uPolicies-Explorer: TaskbarNoNotification = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoCustomizeThisFolder = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: NoDispScrSavPage = dword:1
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
mPolicies-System: NoVirtMemPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{515A2CAE-14BA-40D6-97EA-A6E5A3E18361} : DHCPNameServer = 64.71.255.204 64.71.255.198
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs=    
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Chris\AppData\Roaming\Complitly\64\Complitly64.dll
x64-BHO: Plus-HD-1.3: {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll
x64-BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - 
x64-TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [cctray] "C:\Program Files\Total Defense\Internet Security Suite\casc.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: PFW - <no file>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316529&CUI=UN70469115241222041&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Vafmusic2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3316529&octid=CT3316529&SearchSource=61&CUI=UN70469115241222041&UM=2&UP=SPFBCFFA99-D814-4979-AC33-6AEAD548154B
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3293216&SearchSource=2&CUI=UN26721931921071615&UM=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{73507124-6acd-43aa-b749-c3bcfefbea97}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{73507124-6acd-43aa-b749-c3bcfefbea97}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{8a184644-a171-4b05-bc9a-28d75ffc9505}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{8a184644-a171-4b05-bc9a-28d75ffc9505}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
FF - ExtSQL: 2013-10-21 03:45; addon@defaulttab.com; C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-10-21 03:46; {7f3f960e-a836-45ca-8911-0accb522246e}; C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 41b1a2bf-b64b-40e0-8bc7-046b199ec755
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R2 CAAMSvc;CAAMSvc;C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus Plus\CAAMSvc.exe [2012-9-18 313040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WinSvchostManagerSrv;WinSvchostManagerSrv;C:\Windows\SysWOW64\cfgmig32.exe [2013-10-9 265736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2012-7-31 38992]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\System32\drivers\stdriver64.sys [2012-5-10 103512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-19 111616]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-18 1255736]
.
=============== File Associations ===============
.
FileExt: .exe: exefile=C:\Windows\svchost.com "%1" %*
.
=============== Created Last 30 ================
.
2013-12-03 14:16:08 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5A4A2C3-C0E7-488A-8DEB-0CC49411C049}\offreg.dll
2013-12-02 10:09:22 -------- d-----w- C:\Program Files (x86)\Gazillion Entertainment
2013-12-02 02:00:43 -------- d-----w- C:\ProgramData\Solid State Networks
2013-12-02 01:56:55 506728 ----a-w- C:\Windows\System32\d3dx10_33.dll
2013-12-02 01:56:55 443752 ----a-w- C:\Windows\SysWow64\d3dx10_33.dll
2013-12-02 01:56:55 1400176 ----a-w- C:\Windows\System32\D3DCompiler_33.dll
2013-12-02 01:56:55 1123696 ----a-w- C:\Windows\SysWow64\D3DCompiler_33.dll
2013-12-02 01:56:53 4494184 ----a-w- C:\Windows\System32\d3dx9_33.dll
2013-12-02 01:56:53 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2013-11-23 10:52:26 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5A4A2C3-C0E7-488A-8DEB-0CC49411C049}\mpengine.dll
2013-11-23 08:05:26 86 ----a-w- C:\Windows\directx.sys
2013-11-22 21:34:01 41472 ----a-w- C:\Windows\svchost.com
2013-11-22 21:26:21 296693 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virus.exe
2013-11-22 20:57:15 356628 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\maram023.scr
2013-11-22 20:46:47 90624 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2862c7daef3366c68347d8d41a43ba82.exe
2013-11-22 20:30:11 471 ----a-w- C:\ProgramData\svchost.exe.tmp
2013-11-22 20:27:34 29696 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ad76a6098df431046ffdf41b1a2ed40a.exe
2013-11-22 20:26:30 29696 ----a-w- C:\ProgramData\svchost.exe
2013-11-22 20:25:43 29696 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe
2013-11-22 13:59:24 414208 ----a-w- C:\Users\Chris\AppData\Roaming\XuNZNLFXUqalq.exe
2013-11-22 13:52:38 90 ----a-w- C:\Users\Chris\AppData\Roaming\iexplorern.exe.tmp
2013-11-22 13:51:52 356352 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6f357c447d27f0f26116604e025fb6db.exe
2013-11-22 13:50:52 356352 ----a-w- C:\Users\Chris\AppData\Roaming\iexplorern.exe
2013-11-22 13:49:12 4513 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Servieca.vbs
2013-11-22 13:48:59 93012 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qglugfmikx..vbs
2013-11-22 13:48:55 73201 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsxmshtkfx.vbs
2013-11-22 13:48:55 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jjwvnvrirf.vbs
2013-11-22 13:48:46 93012 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuejrqtwzi..vbs
2013-11-22 13:48:46 93012 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TUEJRQ~1.VBS
2013-11-22 13:48:32 93012 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QGLUGF~1.VBS
2013-11-22 12:01:30 104448 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9adfdffd788da9e05bd39564d5ce09e2.exe
2013-11-22 11:09:38 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\amlxtstftc.vbs
2013-11-22 09:58:34 317440 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\45ca55fc1756e880072f0dde4455397b.exe
2013-11-21 12:50:02 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7c19dbad7d9742a06f22744993e7ad5e.exe
2013-11-21 12:34:38 284160 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81c158a2010653b42b6c1a9a749807e1.exe
2013-11-20 10:05:40 12164 ----a-w- C:\ProgramData\otmix.exe.tmp
2013-11-20 10:05:32 8626 ----a-w- C:\ProgramData\xxx.exe.tmp
2013-11-20 10:05:32 20520 ----a-w- C:\ProgramData\Trojan.exe.tmp
2013-11-19 21:03:35 881 ----a-w- C:\Users\Chris\AppData\Roaming\otmix.exe.tmp
2013-11-19 08:02:09 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-11-19 08:01:50 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-11-19 08:01:50 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-11-19 08:01:50 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-11-19 08:01:43 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-19 08:01:43 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-19 07:32:43 2809 ----a-w- C:\ProgramData\msn messenger.exe.tmp
2013-11-19 07:32:22 29184 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3ce46044351feae73e1db2687986be49.exe
2013-11-19 07:31:35 29184 ----a-w- C:\ProgramData\msn messenger.exe
2013-11-18 21:36:00 179712 ----a-w- C:\Users\Chris\AppData\Roaming\winRaR.exe
2013-11-18 20:52:38 595 ----a-w- C:\Users\Chris\nj.exe.tmp
2013-11-18 15:06:41 296693 ----a-w- C:\Users\Chris\AppData\Roaming\hack facebook.exe
2013-11-18 13:08:27 29696 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5742b294151158b3247c703150fc25bf.exe
2013-11-17 21:14:40 4272 ----a-w- C:\Users\Chris\AppData\Roaming\updaut2.exe.tmp
2013-11-17 21:14:17 88064 ----a-w- C:\Users\Chris\AppData\Roaming\updaut2.exe
2013-11-17 21:14:17 88064 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ff303586d19cc6ab8beff5cc0f62006f.exe
2013-11-17 20:42:34 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4c202c3f5cd3032cfbfd4b11de33d6ad.exe
2013-11-17 20:04:59 770384 ----a-w- C:\ProgramData\msvcr100.dll
2013-11-17 20:04:59 421200 ----a-w- C:\ProgramData\msvcp100.dll
2013-11-17 20:04:59 1914264 ----a-w- C:\ProgramData\nss3.dll
2013-11-16 21:06:50 4989 ----a-w- C:\Users\Chris\Google.exe.tmp
2013-11-16 21:06:30 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f6832a32dae6f58829a4195dbe813c84.exe
2013-11-16 21:06:29 86016 ----a-w- C:\Users\Chris\Google.exe
2013-11-16 12:39:09 4660 ----a-w- C:\ProgramData\internet2.exe.tmp
2013-11-16 12:38:45 86016 ----a-w- C:\ProgramData\internet2.exe
2013-11-16 12:31:04 29184 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cc2e20a4c69851daf0922d32d011ace9.exe
2013-11-16 11:39:06 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\njmlrpsmlz.vbs
2013-11-16 10:47:17 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\be5a0f6f89be4e6a3a5710ea405db1f0.exe
2013-11-16 10:19:32 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxazkfekfd.vbs
2013-11-15 21:16:45 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhxwktielt.vbs
2013-11-15 13:37:06 5328 ----a-w- C:\Users\Chris\AppData\Roaming\system.exe.tmp
2013-11-15 13:36:44 86016 ----a-w- C:\Users\Chris\AppData\Roaming\system.exe
2013-11-15 13:36:44 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dae31c02cb06222e776b9ccb9207edb1.exe
2013-11-15 13:08:18 29184 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fe3ae9fb5206cf49d6fc22975e956780.exe
2013-11-15 13:01:49 6822 ----a-w- C:\Users\Chris\AppData\Roaming\husiin.exe.tmp
2013-11-15 13:01:30 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d581707eea2fc69e0b4186a3ab299167.exe
2013-11-15 13:01:30 86016 ----a-w- C:\Users\Chris\AppData\Roaming\husiin.exe
2013-11-15 09:10:42 14267 ----a-w- C:\Users\Chris\AppData\Roaming\sdasioqzsu.vbs
2013-11-15 09:10:42 14267 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sdasioqzsu.vbs
2013-11-12 05:12:05 -------- d-----w- C:\Program Files (x86)\Plus-HD-1.3
2013-11-12 05:12:01 -------- d-----w- C:\Program Files (x86)\VideoPlayer
2013-11-11 21:09:22 11480 ----a-w- C:\Users\Chris\avast.exe.tmp
2013-11-11 21:09:02 165888 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2a2a04832a826e930d8d38e40ff1594c.exe
2013-11-11 21:08:33 165888 ----a-w- C:\Users\Chris\avast.exe
2013-11-11 21:04:29 846 ----a-w- C:\Users\Chris\AppData\Roaming\test.exe.tmp
2013-11-11 20:59:38 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\62f00c82a37b33467bb96c0d990a9c47.exe
2013-11-11 20:59:38 86016 ----a-w- C:\ProgramData\xxx.exe
2013-11-11 20:48:35 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\67611c5f64c1fcf443e5277686992ce9.exe
2013-11-11 20:48:34 86016 ----a-w- C:\Users\Chris\AppData\Roaming\JAVA.exe
2013-11-11 13:15:03 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wudrbtoebv..vbs
2013-11-11 12:44:23 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bmasduopgo.vbs
2013-11-11 12:36:19 770384 ----a-w- C:\Users\Chris\msvcr100.dll
2013-11-11 12:36:19 421200 ----a-w- C:\Users\Chris\msvcp100.dll
2013-11-11 12:36:19 1914264 ----a-w- C:\Users\Chris\nss3.dll
2013-11-11 12:35:36 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\agqosyycln.vbs
2013-11-11 10:12:32 -------- d-----w- C:\ProgramData\Screaming Bee
2013-11-10 21:26:06 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\npsjstiapm.vbs
2013-11-10 21:21:44 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwwczvpknx.vbs
2013-11-10 21:17:08 9873 ----a-w- C:\Users\Chris\hkcmd.exe.tmp
2013-11-10 12:25:38 355328 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\35d1703cd61867afaf567473dc316f87.exe
2013-11-10 12:12:06 -------- d-----w- C:\Program Files (x86)\ AV Vcs 7.0
2013-11-10 11:56:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\Avnex
2013-11-10 11:41:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\Screaming Bee
2013-11-09 14:02:50 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6dc30988224150809478ca2bf8cd9a7b.exe
2013-11-09 14:02:49 86016 ----a-w- C:\ProgramData\otmix.exe
2013-11-09 12:56:52 18432 ----a-w- C:\Users\Chris\AppData\Roaming\AdobeART.exe
2013-11-09 11:56:49 199680 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9b3790d0786169b89c2db575118b0801.exe
2013-11-09 10:09:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\InstallDir
2013-11-08 21:25:03 220672 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2d697d22e0ded1a6c04cb545d5d58e26.exe
2013-11-05 12:42:01 346 ----a-w- C:\ProgramData\explorer.exe.tmp
2013-11-04 23:52:55 9521 ----a-w- C:\Users\Chris\AppData\Roaming\JAVA.exe.tmp
2013-11-04 10:55:45 1036 ----a-w- C:\Users\Chris\AppData\Roaming\trosystem.exe.tmp
2013-11-04 09:12:39 900 ----a-w- C:\Users\Chris\explorer.exe.tmp
.
==================== Find3M  ====================
.
2013-11-28 07:25:41 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Trojan.exe
2013-11-28 07:25:37 86016 ----a-w- C:\Users\Chris\AppData\Roaming\isco.exe
2013-11-28 07:25:37 86016 ----a-w- C:\Users\Chris\AppData\Roaming\explorer.exe
2013-11-23 09:11:41 20511 ----a-w- C:\Users\Chris\AppData\Roaming\Trojan.exe.tmp
2013-11-23 09:11:41 20506 ----a-w- C:\Users\Chris\AppData\Roaming\isco.exe.tmp
2013-11-23 09:11:35 20502 ----a-w- C:\Users\Chris\windows.exe.tmp
2013-11-23 09:11:35 20494 ----a-w- C:\Users\Chris\AppData\Roaming\explorer.exe.tmp
2013-11-23 09:10:36 5056 ----a-w- C:\Users\Chris\AppData\Roaming\winRaR.exe.tmp
2013-11-23 08:09:52 515072 ----a-w- C:\Users\Chris\AppData\Roaming\ChromeErrorReport.exe
2013-11-23 08:05:27 3823686 ----a-w- C:\chatzum_nt.exe
2013-11-22 21:31:53 20218 ----a-w- C:\Users\Chris\AppData\Roaming\ChromeErrorReport.exe.tmp
2013-11-22 21:00:26 461026 ----a-w- C:\Users\Chris\AppData\Roaming\satoolbar.exe
2013-11-22 21:00:22 499261 ----a-w- C:\Users\Chris\AppData\Roaming\fdm-setup.exe
2013-11-22 21:00:22 484032 ----a-w- C:\Users\Chris\AppData\Roaming\fdmer.exe
2013-11-22 21:00:21 566784 ----a-w- C:\Users\Chris\AppData\Roaming\bsetter-own.exe
2013-11-19 08:02:09 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-11-11 10:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-06 21:38:24 1467 ----a-w- C:\Users\Chris\AppData\Roaming\System32.exe.tmp
2013-11-06 21:38:13 1364 ----a-w- C:\Users\Chris\AppData\Roaming\Windows.exe.tmp
2013-11-03 12:31:29 44544 ----a-w- C:\Users\Chris\AppData\Roaming\Chrome
2013-10-29 10:55:02 115315 ----a-w- C:\Windows\SysWow64\%TEMP%.exe
2013-10-28 20:50:50 29696 ----a-w- C:\ProgramData\Trojan.exe
2013-10-26 10:21:19 29696 ----a-w- C:\Users\Chris\AppData\Roaming\Windows.exe
2013-10-22 20:23:05 29696 ----a-w- C:\Users\Chris\windows.exe
2013-10-21 21:36:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-21 21:36:07 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-21 07:43:53 420944 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 05:19:43 2535824 ----a-w- C:\Windows\System32\winsflt.dll
2013-10-09 05:19:43 1755536 ----a-w- C:\Windows\SysWow64\winsflt.dll
2013-10-09 05:17:49 265736 ----a-w- C:\Windows\SysWow64\cfgmig32.exe
2013-10-09 05:17:49 1424904 ----a-w- C:\Windows\SysWow64\cfgmig32.dll
2013-10-09 05:17:49 1424904 ----a-w- C:\Windows\System32\cfgmig32.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 20:17:32 1914264 ----a-w- C:\Users\Chris\AppData\Roaming\nss3.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-02 18:22:36 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-09-29 23:19:08 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-06-05 07:27:16 11414760 ----a-w- C:\Program Files\TBS.exe
2010-09-22 17:32:24 1929448 ----a-w- C:\Program Files\ServerActivation.exe
2010-09-22 17:32:22 1925352 ----a-w- C:\Program Files\ClientActivation.exe
2010-09-22 17:32:20 2070248 ----a-w- C:\Program Files\LicenseWizard.exe
2010-09-22 17:32:16 944584 ----a-w- C:\Program Files\FNP_Act_Installer.dll
2010-09-22 17:32:16 69632 ----a-w- C:\Program Files\uninstallanchorservice.exe
2010-09-22 17:32:16 69632 ----a-w- C:\Program Files\installanchorservice.exe
2010-09-22 17:32:16 2580480 ----a-w- C:\Program Files\ServerActivation_libFNP.dll
2010-09-22 17:32:16 217032 ----a-w- C:\Program Files\FnpCommsSoap.dll
2010-09-22 17:32:06 2580480 ----a-w- C:\Program Files\ClientActivation_libFNP.dll
2010-09-22 17:29:20 2580480 ----a-w- C:\Program Files\TBS_libFNP.dll
2010-09-22 17:29:14 2580480 ----a-w- C:\Program Files\toonboom_libFNP.dll
2010-09-22 17:29:12 1720320 ----a-w- C:\Program Files\toonboom.exe
2010-09-22 17:29:04 1387088 ----a-w- C:\Program Files\lmutil.exe
2010-09-22 17:29:02 1594960 ----a-w- C:\Program Files\lmtools.exe
2010-09-22 17:29:02 1423440 ----a-w- C:\Program Files\lmgrd.exe
2010-09-22 16:17:48 56832 ----a-w- C:\Program Files\DirectShow.dll
2010-09-22 16:17:28 46592 ----a-w- C:\Program Files\ImageWIA.dll
2010-09-22 16:16:46 419328 ----a-w- C:\Program Files\EDSDK_2_5.dll
2010-07-23 17:31:44 344064 ----a-w- C:\Program Files\cgGL.dll
2010-07-23 17:31:42 5615616 ----a-w- C:\Program Files\cg.dll
2010-01-14 16:57:54 3973120 ----a-w- C:\Program Files\qt-mt336.dll
2009-08-06 16:05:22 2070528 ----a-w- C:\Program Files\QtCore4.dll
2009-06-11 14:32:50 49152 ----a-w- C:\Program Files\wstart.exe
2009-05-12 18:57:12 7439872 ----a-w- C:\Program Files\QtGui4.dll
2009-04-23 21:44:12 1773568 ----a-w- C:\Program Files\QtDesignerComponents4.dll
2009-04-23 21:41:14 2540544 ----a-w- C:\Program Files\QtDesigner4.dll
2009-04-23 21:35:14 24064 ----a-w- C:\Program Files\QtAssistantClient4.dll
2009-04-23 21:31:32 387584 ----a-w- C:\Program Files\QtHelp4.dll
2009-04-23 21:30:16 837120 ----a-w- C:\Program Files\QtCLucene4.dll
2009-04-23 21:19:58 535040 ----a-w- C:\Program Files\QtScriptTools4.dll
2009-04-23 21:16:58 8379904 ----a-w- C:\Program Files\QtWebKit4.dll
2009-04-23 20:06:36 246272 ----a-w- C:\Program Files\QtSvg4.dll
2009-04-23 20:06:02 242688 ----a-w- C:\Program Files\phonon4.dll
2009-04-23 20:05:02 1474560 ----a-w- C:\Program Files\QtXmlPatterns4.dll
2009-04-23 20:01:24 427520 ----a-w- C:\Program Files\QtOpenGL4.dll
2009-04-23 19:58:34 2300416 ----a-w- C:\Program Files\Qt3Support4.dll
2009-04-23 19:56:18 72192 ----a-w- C:\Program Files\QtTest4.dll
2009-04-23 19:55:56 651776 ----a-w- C:\Program Files\QtScript4.dll
2009-04-23 19:53:02 181248 ----a-w- C:\Program Files\QtSql4.dll
2009-04-23 19:40:42 854528 ----a-w- C:\Program Files\QtNetwork4.dll
2009-04-23 19:39:34 319488 ----a-w- C:\Program Files\QtXml4.dll
.
============= FINISH:  9:31:04.39 ===============
 



#2 jeffce

  • Malware Response Team

Posted 06 December 2013 - 09:57 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system, with the loss of all your programs and data.
 
Having said that.... Let's get going!!
----------
 

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
----------
 
Please download TDSSKiller
  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------

Edited by jeffce, 06 December 2013 - 10:01 PM.

 


#3 jeffce


Posted 08 December 2013 - 12:24 PM

Are you still with me?  :)


 


#4 jeffce


Posted 10 December 2013 - 08:03 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

 




