"svchost.com" pop-up has disabled access to programs


  • This topic is locked
4 replies to this topic

#1 Christopher Begay

Posted 03 December 2013 - 11:34 AM

Once my computer has finished starting up, the desktop becomes flooded with the same repetitive pop-up "Would you allow the following publisher to make changes to your computer: 'svchost.com'". This annoying pop-up has now denied me access to most of the programs on my computer. At the same time, I am unable to access or enable any anti-virus or security software. Please help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.21.2
Run by Chris at 9:30:50 on 2013-12-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.6142.4285 [GMT -5:00]
.
AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Total Defense Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe
C:\Windows\SysWow64\cfgmig32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~1\TOTALD~1\INTERN~1\casc.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3316529&octid=CT3316529&SearchSource=61&CUI=UN40542932783351307&UM=2&UP=SPFBCFFA99-D814-4979-AC33-6AEAD548154B
uProxyOverride = <local>
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uURLSearchHooks: {8c5878d0-6106-423b-aaa8-144c143dbf44} - <orphaned>
uWinlogon: Shell = explorer.exe,C:\Users\Chris\AppData\Roaming\cache.dat
mWinlogon: Userinit = userinit.exe
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Chris\AppData\Roaming\Complitly\Complitly.dll
BHO: Plus-HD-1.3: {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Chris\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Chris\AppData\Local\TopArcadeHits\Toparcadehits.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Search-Results Toolbar: {f34c9277-6577-4dff-b2d7-7d58092f272f} - 
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - 
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
TB: Search-Results Toolbar: {f34c9277-6577-4dff-b2d7-7d58092f272f} - 
uRun: [Wisdom-soft ScreenHunter 6.0 Pro] 0
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [SearchProtect] C:\Users\Chris\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [Yontoo Desktop] "C:\Users\Chris\AppData\Roaming\Yontoo\YontooDesktop.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [taskhost] rundll32 "C:\Users\Chris\AppData\Roaming\Microsoft\Windows\taskhost.dll",_EntryPoint_RunDll32@16
uRun: [Akamai NetSession Interface] "C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe"
uRun: [2320633bbd5b9c41d628d6d2b760a34d] "C:\Users\Chris\AppData\Local\Temp\System32.exe" ..
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [08f4dc96bbb7af09d1a37fe35c75a42f] "C:\Users\Chris\AppData\Local\Temp\explorer.exe" ..
uRun: [39396519fcb83bfbe916d216db0cb897] "C:\Users\Chris\AppData\Local\Temp\rar.exe" ..
uRun: [5cd8f17f4086744065eb0992a09e05a2] "C:\Users\Chris\AppData\Local\Temp\Trojan.exe" ..
uRun: [75f82018084b94aa774710e365e8ad5a] "C:\Users\Chris\AppData\Roaming\ChromeErrorReport.exe" ..
uRun: [88b7da58a3e62f24b08f565445b53900] "C:\Users\Chris\windows.exe" ..
uRun: [8e0cbb43fdf473ab5dd2ea27a6f717d7] "C:\Users\Chris\AppData\Local\Temp\Lhost.exe" ..
uRun: [6028eace21edca779c427d29f5646e96] "C:\Users\Chris\AppData\Local\Temp\Avira.exe" ..
uRun: [tsxmshtkfx] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\tsxmshtkfx.vbs"
uRun: [gfjfuusseo] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\gfjfuusseo.vbs"
uRun: [9975759809ee69cc2d0562054d998149] "C:\Users\Chris\AppData\Local\Temp\skype.exe" ..
uRun: [8515eb34d8f9de5af815466e9715b3e5] "C:\Users\Chris\AppData\Roaming\Trojan.exe" ..
uRun: [a42096b41123f02038373176f78d553d] "C:\Users\Chris\AppData\Local\Temp\Programme.exe" ..
uRun: [ba4c12bee3027d94da5c81db2d196bfd] "C:\Users\Chris\AppData\Local\Temp\svchost.exe" ..
uRun: [d5a38e9b5f206c41f8851bf04a251d26] "C:\Users\Chris\AppData\Local\Temp\chrome.exe" ..
uRun: [93f19dda2412c86ad7520ba4198f39a0] "C:\Users\Chris\AppData\Roaming\explorer.exe" ..
uRun: [55b3825ee39ada2fcddf7c7accbde69e] "C:\Users\Chris\AppData\Local\Temp\Windows.exe" ..
uRun: [603a6badadea29a9eca7c9e6400ea5f3] "C:\Users\Chris\AppData\Roaming\isco.exe" ..
uRun: [cd9e051ed80df1a0c0b000059793bab8] "C:\ProgramData\Trojan.exe" ..
uRun: [3e63a938db09de6e11954fd8f4787926] "C:\Users\Chris\AppData\Local\Temp\flash player11.exe" ..
uRun: [f9be75c5023d5e25b0bbaa6b68899d2b] "C:\Users\Chris\AppData\Local\Temp\firefox.exe" ..
uRun: [bf25ebda9ed415e6c3415d91d576c00c] "C:\Users\Chris\AppData\Local\Temp\Yahoo.exe" ..
uRun: [1823db243d8a00bc4e3d65056e83d2e1] "C:\Users\Chris\AppData\Local\Temp\hala.exe" ..
uRun: [12ba4be530498a67db271b27becb770b] "C:\Users\Chris\AppData\Local\Temp\google chrome.exe" ..
uRun: [2d697d22e0ded1a6c04cb545d5d58e26] "C:\Users\Chris\AppData\Local\Temp\taskgen.exe" ..
uRun: [MicroUpdate] C:\Users\Chris\Documents\MSDCSC\gxTSXhiacT5L\msdcsc.exe
uRun: [HKCU] C:\Users\Chris\AppData\Local\Temp\AKTFDR~1.EXE
uRun: [8c80ffbd51e41630349ef9ea87666f9a] "C:\Users\Chris\AppData\Local\Temp\avg.exe" ..
uRun: [9b3790d0786169b89c2db575118b0801] "C:\Users\Chris\AppData\Local\Temp\uptaetgoogle.exe" ..
uRun: [AdobeART] C:\Users\Chris\AppData\Roaming\AdobeART.exe
uRun: [6dc30988224150809478ca2bf8cd9a7b] "C:\ProgramData\otmix.exe" ..
uRun: [35d1703cd61867afaf567473dc316f87] "C:\Users\Chris\AppData\Local\Temp\svhost.exe" ..
uRun: [cwwczvpknx] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\cwwczvpknx.vbs"
uRun: [npsjstiapm] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\npsjstiapm.vbs"
uRun: [7b4b90d3d0be2a88320e80dc177d8094] "C:\Users\Chris\AppData\Local\Temp\Qm.exe" ..
uRun: [agqosyycln] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\agqosyycln.vbs"
uRun: [bmasduopgo] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\bmasduopgo.vbs"
uRun: [wudrbtoebv] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\wudrbtoebv..vbs"
uRun: [67611c5f64c1fcf443e5277686992ce9] "C:\Users\Chris\AppData\Roaming\JAVA.exe" ..
uRun: [62f00c82a37b33467bb96c0d990a9c47] "C:\ProgramData\xxx.exe" ..
uRun: [2a2a04832a826e930d8d38e40ff1594c] "C:\Users\Chris\avast.exe" ..
uRun: [8eda1783e4170af7d2dd12d6f2c6f6a1] "C:\Users\Chris\AppData\Local\Temp\123.exe" ..
uRun: [539d4d0efb6c5527f7eb2a65f9bc1207] "C:\Users\Chris\AppData\Local\Temp\wn32.exe" ..
uRun: [sdasioqzsu] wscript.exe //B "C:\Users\Chris\AppData\Roaming\sdasioqzsu.vbs"
uRun: [d581707eea2fc69e0b4186a3ab299167] "C:\Users\Chris\AppData\Roaming\husiin.exe" ..
uRun: [ca6ff4fc9d6b2752fedce063008c697a] "C:\Users\Chris\AppData\Local\Temp\explore.exe" ..
uRun: [fe3ae9fb5206cf49d6fc22975e956780] "C:\Users\Chris\AppData\Local\Temp\neww.exe" ..
uRun: [dae31c02cb06222e776b9ccb9207edb1] "C:\Users\Chris\AppData\Roaming\system.exe" ..
uRun: [mhxwktielt] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\mhxwktielt.vbs"
uRun: [jjwvnvrirf] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\jjwvnvrirf.vbs"
uRun: [nxazkfekfd] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\nxazkfekfd.vbs"
uRun: [be5a0f6f89be4e6a3a5710ea405db1f0] "C:\Users\Chris\AppData\Local\Temp\svshostt.exe" ..
uRun: [a08a3e6b90bdbc3312f555e5b7a5b57b] "C:\Users\Chris\AppData\Local\Temp\Explorerr.exe" ..
uRun: [njmlrpsmlz] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\njmlrpsmlz.vbs"
uRun: [cc2e20a4c69851daf0922d32d011ace9] "C:\Users\Chris\AppData\Local\Temp\systtem.exe" ..
uRun: [66a57a4a6e48da28e09699966ed918d2] "C:\ProgramData\internet2.exe" ..
uRun: [f6832a32dae6f58829a4195dbe813c84] "C:\Users\Chris\Google.exe" ..
uRun: [4c202c3f5cd3032cfbfd4b11de33d6ad] "C:\Users\Chris\AppData\Local\Temp\Epsp.exe" ..
uRun: [tuejrqtwzi] "C:\Users\Chris\AppData\Local\Temp\tuejrqtwzi..vbs"
uRun: [ff303586d19cc6ab8beff5cc0f62006f] "C:\Users\Chris\AppData\Roaming\updaut2.exe" ..
uRun: [TUEJRQ~1] "C:\Users\Chris\AppData\Local\Temp\TUEJRQ~1.VBS"
uRun: [5742b294151158b3247c703150fc25bf] "C:\Users\Chris\AppData\Local\Temp\Windos.exe" ..
uRun: [Virus] C:\Users\Chris\AppData\Roaming\hack facebook.exe
uRun: [Servieca.vbs] "C:\Users\Chris\AppData\Local\Temp\Servieca.vbs"
uRun: [qglugfmikx] "C:\Users\Chris\AppData\Local\Temp\qglugfmikx..vbs"
uRun: [QGLUGF~1] "C:\Users\Chris\AppData\Local\Temp\QGLUGF~1.VBS"
uRun: [322a113a0a0b457a5a02ba1f6c64c916] "C:\Users\Chris\AppData\Roaming\winRaR.exe" ..
uRun: [3ce46044351feae73e1db2687986be49] "C:\ProgramData\msn messenger.exe" ..
uRun: [a5187f3603243d484b81c49836b65d36] "C:\Users\Chris\AppData\Local\Temp\DeLL.exe" ..
uRun: [microsofto] "C:\Users\Chris\AppData\Local\Temp\microsofto.exe" ..
uRun: [81c158a2010653b42b6c1a9a749807e1] "C:\Users\Chris\AppData\Local\Temp\refowserv.exe" ..
uRun: [7c19dbad7d9742a06f22744993e7ad5e] "C:\Users\Chris\AppData\Local\Temp\winara.exe" ..
uRun: [192064d106a100ecbbdd643db1379bc9] "C:\Users\Chris\AppData\Local\Temp\daita.exe" ..
uRun: [abc4777d1974c14fce031c2da660af18] "C:\Users\Chris\AppData\Local\Temp\(^_^).exe" ..
uRun: [bd461fa385e167a1593a4344744311fa] "C:\Users\Chris\AppData\Local\Temp\llllllllllllll.exe" ..
uRun: [45ca55fc1756e880072f0dde4455397b] "C:\Users\Chris\AppData\Local\Temp\win32.exe" ..
uRun: [301b5fcf8ce2fab8868e80b6c1f912fe] "C:\Users\Chris\AppData\Local\Temp\System.exe" ..
uRun: [amlxtstftc] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\amlxtstftc.vbs"
uRun: [b26e4af86219a548e07c1e42af04ad7f] "C:\Users\Chris\AppData\Local\Temp\xkibechhjv.exe" ..
uRun: [9adfdffd788da9e05bd39564d5ce09e2] "C:\Users\Chris\AppData\Local\Temp\winds4.exe" ..
uRun: [6f357c447d27f0f26116604e025fb6db] "C:\Users\Chris\AppData\Roaming\iexplorern.exe" ..
uRun: [XuNZNLFXUqalq] C:\Users\Chris\AppData\Roaming\XuNZNLFXUqalq.exe
uRun: [ad76a6098df431046ffdf41b1a2ed40a] "C:\ProgramData\svchost.exe" ..
uRun: [2862c7daef3366c68347d8d41a43ba82] "C:\Users\Chris\AppData\Local\Temp\santana fx mediaplayer dup.exe" ..
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mRun: [kakakrotte] C:\Users\Chris\Documents\BitLord\3D SexVilla2-Everlust-132.001-EN-Setup\Output.exe
mRun: [tsxmshtkfx] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\tsxmshtkfx.vbs"
mRun: [gfjfuusseo] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\gfjfuusseo.vbs"
mRun: [wudrbtoebv] wscript.exe //B "C:\Users\Chris\AppData\Local\Temp\wudrbtoebv..vbs"
mRun: [sdasioqzsu] wscript.exe //B "C:\Users\Chris\AppData\Roaming\sdasioqzsu.vbs"
mRun: [2a2a04832a826e930d8d38e40ff1594c] "C:\Users\Chris\avast.exe" ..
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08f4dc96bbb7af09d1a37fe35c75a42f.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\12ba4be530498a67db271b27becb770b.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1823db243d8a00bc4e3d65056e83d2e1.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2320633bbd5b9c41d628d6d2b760a34d.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2862c7daef3366c68347d8d41a43ba82.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2a2a04832a826e930d8d38e40ff1594c.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2d697d22e0ded1a6c04cb545d5d58e26.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\35d1703cd61867afaf567473dc316f87.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\39396519fcb83bfbe916d216db0cb897.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3ce46044351feae73e1db2687986be49.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3e63a938db09de6e11954fd8f4787926.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\45ca55fc1756e880072f0dde4455397b.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4c202c3f5cd3032cfbfd4b11de33d6ad.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\55b3825ee39ada2fcddf7c7accbde69e.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5742b294151158b3247c703150fc25bf.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\603a6badadea29a9eca7c9e6400ea5f3.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\62f00c82a37b33467bb96c0d990a9c47.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\66a57a4a6e48da28e09699966ed918d2.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\67611c5f64c1fcf443e5277686992ce9.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\67768d811366a615bdc984736c23386c.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6dc30988224150809478ca2bf8cd9a7b.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6f357c447d27f0f26116604e025fb6db.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\75f82018084b94aa774710e365e8ad5a.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7c19dbad7d9742a06f22744993e7ad5e.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81c158a2010653b42b6c1a9a749807e1.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8515eb34d8f9de5af815466e9715b3e5.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88b7da58a3e62f24b08f565445b53900.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\93f19dda2412c86ad7520ba4198f39a0.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9975759809ee69cc2d0562054d998149.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9adfdffd788da9e05bd39564d5ce09e2.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9b3790d0786169b89c2db575118b0801.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a08a3e6b90bdbc3312f555e5b7a5b57b.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ad76a6098df431046ffdf41b1a2ed40a.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\agqosyycln.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\amlxtstftc.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bd461fa385e167a1593a4344744311fa.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\be5a0f6f89be4e6a3a5710ea405db1f0.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bf25ebda9ed415e6c3415d91d576c00c.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bmasduopgo.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cc2e20a4c69851daf0922d32d011ace9.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwwczvpknx.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d581707eea2fc69e0b4186a3ab299167.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d5a38e9b5f206c41f8851bf04a251d26.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dae31c02cb06222e776b9ccb9207edb1.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f6832a32dae6f58829a4195dbe813c84.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f9be75c5023d5e25b0bbaa6b68899d2b.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fe3ae9fb5206cf49d6fc22975e956780.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ff303586d19cc6ab8beff5cc0f62006f.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gfjfuusseo.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jjwvnvrirf.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\maram023.scr
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhxwktielt.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\microsofto.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\njmlrpsmlz.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\npsjstiapm.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxazkfekfd.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qglugfmikx..vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QGLUGF~1.VBS
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sdasioqzsu.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Servieca.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsxmshtkfx.vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuejrqtwzi..vbs
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TUEJRQ~1.VBS
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virus.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wudrbtoebv..vbs
uPolicies-Explorer: NoFileMenu = dword:1
uPolicies-Explorer: TaskbarNoNotification = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoCustomizeThisFolder = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: NoDispScrSavPage = dword:1
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
mPolicies-System: NoVirtMemPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{515A2CAE-14BA-40D6-97EA-A6E5A3E18361} : DHCPNameServer = 64.71.255.204 64.71.255.198
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs=    
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Chris\AppData\Roaming\Complitly\64\Complitly64.dll
x64-BHO: Plus-HD-1.3: {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll
x64-BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - 
x64-TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [cctray] "C:\Program Files\Total Defense\Internet Security Suite\casc.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: PFW - <no file>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316529&CUI=UN70469115241222041&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Vafmusic2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3316529&octid=CT3316529&SearchSource=61&CUI=UN70469115241222041&UM=2&UP=SPFBCFFA99-D814-4979-AC33-6AEAD548154B
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3293216&SearchSource=2&CUI=UN26721931921071615&UM=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{73507124-6acd-43aa-b749-c3bcfefbea97}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{73507124-6acd-43aa-b749-c3bcfefbea97}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{8a184644-a171-4b05-bc9a-28d75ffc9505}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{8a184644-a171-4b05-bc9a-28d75ffc9505}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
FF - ExtSQL: 2013-10-21 03:45; addon@defaulttab.com; C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-10-21 03:46; {7f3f960e-a836-45ca-8911-0accb522246e}; C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yaff6pmw.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 41b1a2bf-b64b-40e0-8bc7-046b199ec755
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R2 CAAMSvc;CAAMSvc;C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus Plus\CAAMSvc.exe [2012-9-18 313040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WinSvchostManagerSrv;WinSvchostManagerSrv;C:\Windows\SysWOW64\cfgmig32.exe [2013-10-9 265736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2012-7-31 38992]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\System32\drivers\stdriver64.sys [2012-5-10 103512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-19 111616]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-18 1255736]
.
=============== File Associations ===============
.
FileExt: .exe: exefile=C:\Windows\svchost.com "%1" %*
.
=============== Created Last 30 ================
.
2013-12-03 14:16:08 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5A4A2C3-C0E7-488A-8DEB-0CC49411C049}\offreg.dll
2013-12-02 10:09:22 -------- d-----w- C:\Program Files (x86)\Gazillion Entertainment
2013-12-02 02:00:43 -------- d-----w- C:\ProgramData\Solid State Networks
2013-12-02 01:56:55 506728 ----a-w- C:\Windows\System32\d3dx10_33.dll
2013-12-02 01:56:55 443752 ----a-w- C:\Windows\SysWow64\d3dx10_33.dll
2013-12-02 01:56:55 1400176 ----a-w- C:\Windows\System32\D3DCompiler_33.dll
2013-12-02 01:56:55 1123696 ----a-w- C:\Windows\SysWow64\D3DCompiler_33.dll
2013-12-02 01:56:53 4494184 ----a-w- C:\Windows\System32\d3dx9_33.dll
2013-12-02 01:56:53 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2013-11-23 10:52:26 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5A4A2C3-C0E7-488A-8DEB-0CC49411C049}\mpengine.dll
2013-11-23 08:05:26 86 ----a-w- C:\Windows\directx.sys
2013-11-22 21:34:01 41472 ----a-w- C:\Windows\svchost.com
2013-11-22 21:26:21 296693 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virus.exe
2013-11-22 20:57:15 356628 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\maram023.scr
2013-11-22 20:46:47 90624 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2862c7daef3366c68347d8d41a43ba82.exe
2013-11-22 20:30:11 471 ----a-w- C:\ProgramData\svchost.exe.tmp
2013-11-22 20:27:34 29696 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ad76a6098df431046ffdf41b1a2ed40a.exe
2013-11-22 20:26:30 29696 ----a-w- C:\ProgramData\svchost.exe
2013-11-22 20:25:43 29696 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe
2013-11-22 13:59:24 414208 ----a-w- C:\Users\Chris\AppData\Roaming\XuNZNLFXUqalq.exe
2013-11-22 13:52:38 90 ----a-w- C:\Users\Chris\AppData\Roaming\iexplorern.exe.tmp
2013-11-22 13:51:52 356352 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6f357c447d27f0f26116604e025fb6db.exe
2013-11-22 13:50:52 356352 ----a-w- C:\Users\Chris\AppData\Roaming\iexplorern.exe
2013-11-22 13:49:12 4513 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Servieca.vbs
2013-11-22 13:48:59 93012 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qglugfmikx..vbs
2013-11-22 13:48:55 73201 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsxmshtkfx.vbs
2013-11-22 13:48:55 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jjwvnvrirf.vbs
2013-11-22 13:48:46 93012 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuejrqtwzi..vbs
2013-11-22 13:48:46 93012 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TUEJRQ~1.VBS
2013-11-22 13:48:32 93012 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QGLUGF~1.VBS
2013-11-22 12:01:30 104448 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9adfdffd788da9e05bd39564d5ce09e2.exe
2013-11-22 11:09:38 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\amlxtstftc.vbs
2013-11-22 09:58:34 317440 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\45ca55fc1756e880072f0dde4455397b.exe
2013-11-21 12:50:02 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7c19dbad7d9742a06f22744993e7ad5e.exe
2013-11-21 12:34:38 284160 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81c158a2010653b42b6c1a9a749807e1.exe
2013-11-20 10:05:40 12164 ----a-w- C:\ProgramData\otmix.exe.tmp
2013-11-20 10:05:32 8626 ----a-w- C:\ProgramData\xxx.exe.tmp
2013-11-20 10:05:32 20520 ----a-w- C:\ProgramData\Trojan.exe.tmp
2013-11-19 21:03:35 881 ----a-w- C:\Users\Chris\AppData\Roaming\otmix.exe.tmp
2013-11-19 08:02:09 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-11-19 08:01:50 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-11-19 08:01:50 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-11-19 08:01:50 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-11-19 08:01:43 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-19 08:01:43 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-19 07:32:43 2809 ----a-w- C:\ProgramData\msn messenger.exe.tmp
2013-11-19 07:32:22 29184 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3ce46044351feae73e1db2687986be49.exe
2013-11-19 07:31:35 29184 ----a-w- C:\ProgramData\msn messenger.exe
2013-11-18 21:36:00 179712 ----a-w- C:\Users\Chris\AppData\Roaming\winRaR.exe
2013-11-18 20:52:38 595 ----a-w- C:\Users\Chris\nj.exe.tmp
2013-11-18 15:06:41 296693 ----a-w- C:\Users\Chris\AppData\Roaming\hack facebook.exe
2013-11-18 13:08:27 29696 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5742b294151158b3247c703150fc25bf.exe
2013-11-17 21:14:40 4272 ----a-w- C:\Users\Chris\AppData\Roaming\updaut2.exe.tmp
2013-11-17 21:14:17 88064 ----a-w- C:\Users\Chris\AppData\Roaming\updaut2.exe
2013-11-17 21:14:17 88064 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ff303586d19cc6ab8beff5cc0f62006f.exe
2013-11-17 20:42:34 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4c202c3f5cd3032cfbfd4b11de33d6ad.exe
2013-11-17 20:04:59 770384 ----a-w- C:\ProgramData\msvcr100.dll
2013-11-17 20:04:59 421200 ----a-w- C:\ProgramData\msvcp100.dll
2013-11-17 20:04:59 1914264 ----a-w- C:\ProgramData\nss3.dll
2013-11-16 21:06:50 4989 ----a-w- C:\Users\Chris\Google.exe.tmp
2013-11-16 21:06:30 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f6832a32dae6f58829a4195dbe813c84.exe
2013-11-16 21:06:29 86016 ----a-w- C:\Users\Chris\Google.exe
2013-11-16 12:39:09 4660 ----a-w- C:\ProgramData\internet2.exe.tmp
2013-11-16 12:38:45 86016 ----a-w- C:\ProgramData\internet2.exe
2013-11-16 12:31:04 29184 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cc2e20a4c69851daf0922d32d011ace9.exe
2013-11-16 11:39:06 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\njmlrpsmlz.vbs
2013-11-16 10:47:17 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\be5a0f6f89be4e6a3a5710ea405db1f0.exe
2013-11-16 10:19:32 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxazkfekfd.vbs
2013-11-15 21:16:45 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhxwktielt.vbs
2013-11-15 13:37:06 5328 ----a-w- C:\Users\Chris\AppData\Roaming\system.exe.tmp
2013-11-15 13:36:44 86016 ----a-w- C:\Users\Chris\AppData\Roaming\system.exe
2013-11-15 13:36:44 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dae31c02cb06222e776b9ccb9207edb1.exe
2013-11-15 13:08:18 29184 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fe3ae9fb5206cf49d6fc22975e956780.exe
2013-11-15 13:01:49 6822 ----a-w- C:\Users\Chris\AppData\Roaming\husiin.exe.tmp
2013-11-15 13:01:30 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d581707eea2fc69e0b4186a3ab299167.exe
2013-11-15 13:01:30 86016 ----a-w- C:\Users\Chris\AppData\Roaming\husiin.exe
2013-11-15 09:10:42 14267 ----a-w- C:\Users\Chris\AppData\Roaming\sdasioqzsu.vbs
2013-11-15 09:10:42 14267 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sdasioqzsu.vbs
2013-11-12 05:12:05 -------- d-----w- C:\Program Files (x86)\Plus-HD-1.3
2013-11-12 05:12:01 -------- d-----w- C:\Program Files (x86)\VideoPlayer
2013-11-11 21:09:22 11480 ----a-w- C:\Users\Chris\avast.exe.tmp
2013-11-11 21:09:02 165888 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2a2a04832a826e930d8d38e40ff1594c.exe
2013-11-11 21:08:33 165888 ----a-w- C:\Users\Chris\avast.exe
2013-11-11 21:04:29 846 ----a-w- C:\Users\Chris\AppData\Roaming\test.exe.tmp
2013-11-11 20:59:38 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\62f00c82a37b33467bb96c0d990a9c47.exe
2013-11-11 20:59:38 86016 ----a-w- C:\ProgramData\xxx.exe
2013-11-11 20:48:35 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\67611c5f64c1fcf443e5277686992ce9.exe
2013-11-11 20:48:34 86016 ----a-w- C:\Users\Chris\AppData\Roaming\JAVA.exe
2013-11-11 13:15:03 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wudrbtoebv..vbs
2013-11-11 12:44:23 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bmasduopgo.vbs
2013-11-11 12:36:19 770384 ----a-w- C:\Users\Chris\msvcr100.dll
2013-11-11 12:36:19 421200 ----a-w- C:\Users\Chris\msvcp100.dll
2013-11-11 12:36:19 1914264 ----a-w- C:\Users\Chris\nss3.dll
2013-11-11 12:35:36 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\agqosyycln.vbs
2013-11-11 10:12:32 -------- d-----w- C:\ProgramData\Screaming Bee
2013-11-10 21:26:06 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\npsjstiapm.vbs
2013-11-10 21:21:44 14274 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwwczvpknx.vbs
2013-11-10 21:17:08 9873 ----a-w- C:\Users\Chris\hkcmd.exe.tmp
2013-11-10 12:25:38 355328 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\35d1703cd61867afaf567473dc316f87.exe
2013-11-10 12:12:06 -------- d-----w- C:\Program Files (x86)\ AV Vcs 7.0
2013-11-10 11:56:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\Avnex
2013-11-10 11:41:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\Screaming Bee
2013-11-09 14:02:50 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6dc30988224150809478ca2bf8cd9a7b.exe
2013-11-09 14:02:49 86016 ----a-w- C:\ProgramData\otmix.exe
2013-11-09 12:56:52 18432 ----a-w- C:\Users\Chris\AppData\Roaming\AdobeART.exe
2013-11-09 11:56:49 199680 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9b3790d0786169b89c2db575118b0801.exe
2013-11-09 10:09:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\InstallDir
2013-11-08 21:25:03 220672 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2d697d22e0ded1a6c04cb545d5d58e26.exe
2013-11-05 12:42:01 346 ----a-w- C:\ProgramData\explorer.exe.tmp
2013-11-04 23:52:55 9521 ----a-w- C:\Users\Chris\AppData\Roaming\JAVA.exe.tmp
2013-11-04 10:55:45 1036 ----a-w- C:\Users\Chris\AppData\Roaming\trosystem.exe.tmp
2013-11-04 09:12:39 900 ----a-w- C:\Users\Chris\explorer.exe.tmp
.
==================== Find3M  ====================
.
2013-11-28 07:25:41 86016 ----a-w- C:\Users\Chris\AppData\Roaming\Trojan.exe
2013-11-28 07:25:37 86016 ----a-w- C:\Users\Chris\AppData\Roaming\isco.exe
2013-11-28 07:25:37 86016 ----a-w- C:\Users\Chris\AppData\Roaming\explorer.exe
2013-11-23 09:11:41 20511 ----a-w- C:\Users\Chris\AppData\Roaming\Trojan.exe.tmp
2013-11-23 09:11:41 20506 ----a-w- C:\Users\Chris\AppData\Roaming\isco.exe.tmp
2013-11-23 09:11:35 20502 ----a-w- C:\Users\Chris\windows.exe.tmp
2013-11-23 09:11:35 20494 ----a-w- C:\Users\Chris\AppData\Roaming\explorer.exe.tmp
2013-11-23 09:10:36 5056 ----a-w- C:\Users\Chris\AppData\Roaming\winRaR.exe.tmp
2013-11-23 08:09:52 515072 ----a-w- C:\Users\Chris\AppData\Roaming\ChromeErrorReport.exe
2013-11-23 08:05:27 3823686 ----a-w- C:\chatzum_nt.exe
2013-11-22 21:31:53 20218 ----a-w- C:\Users\Chris\AppData\Roaming\ChromeErrorReport.exe.tmp
2013-11-22 21:00:26 461026 ----a-w- C:\Users\Chris\AppData\Roaming\satoolbar.exe
2013-11-22 21:00:22 499261 ----a-w- C:\Users\Chris\AppData\Roaming\fdm-setup.exe
2013-11-22 21:00:22 484032 ----a-w- C:\Users\Chris\AppData\Roaming\fdmer.exe
2013-11-22 21:00:21 566784 ----a-w- C:\Users\Chris\AppData\Roaming\bsetter-own.exe
2013-11-19 08:02:09 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-11-11 10:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-06 21:38:24 1467 ----a-w- C:\Users\Chris\AppData\Roaming\System32.exe.tmp
2013-11-06 21:38:13 1364 ----a-w- C:\Users\Chris\AppData\Roaming\Windows.exe.tmp
2013-11-03 12:31:29 44544 ----a-w- C:\Users\Chris\AppData\Roaming\Chrome
2013-10-29 10:55:02 115315 ----a-w- C:\Windows\SysWow64\%TEMP%.exe
2013-10-28 20:50:50 29696 ----a-w- C:\ProgramData\Trojan.exe
2013-10-26 10:21:19 29696 ----a-w- C:\Users\Chris\AppData\Roaming\Windows.exe
2013-10-22 20:23:05 29696 ----a-w- C:\Users\Chris\windows.exe
2013-10-21 21:36:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-21 21:36:07 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-21 07:43:53 420944 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 05:19:43 2535824 ----a-w- C:\Windows\System32\winsflt.dll
2013-10-09 05:19:43 1755536 ----a-w- C:\Windows\SysWow64\winsflt.dll
2013-10-09 05:17:49 265736 ----a-w- C:\Windows\SysWow64\cfgmig32.exe
2013-10-09 05:17:49 1424904 ----a-w- C:\Windows\SysWow64\cfgmig32.dll
2013-10-09 05:17:49 1424904 ----a-w- C:\Windows\System32\cfgmig32.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 20:17:32 1914264 ----a-w- C:\Users\Chris\AppData\Roaming\nss3.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-02 18:22:36 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-09-29 23:19:08 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-06-05 07:27:16 11414760 ----a-w- C:\Program Files\TBS.exe
2010-09-22 17:32:24 1929448 ----a-w- C:\Program Files\ServerActivation.exe
2010-09-22 17:32:22 1925352 ----a-w- C:\Program Files\ClientActivation.exe
2010-09-22 17:32:20 2070248 ----a-w- C:\Program Files\LicenseWizard.exe
2010-09-22 17:32:16 944584 ----a-w- C:\Program Files\FNP_Act_Installer.dll
2010-09-22 17:32:16 69632 ----a-w- C:\Program Files\uninstallanchorservice.exe
2010-09-22 17:32:16 69632 ----a-w- C:\Program Files\installanchorservice.exe
2010-09-22 17:32:16 2580480 ----a-w- C:\Program Files\ServerActivation_libFNP.dll
2010-09-22 17:32:16 217032 ----a-w- C:\Program Files\FnpCommsSoap.dll
2010-09-22 17:32:06 2580480 ----a-w- C:\Program Files\ClientActivation_libFNP.dll
2010-09-22 17:29:20 2580480 ----a-w- C:\Program Files\TBS_libFNP.dll
2010-09-22 17:29:14 2580480 ----a-w- C:\Program Files\toonboom_libFNP.dll
2010-09-22 17:29:12 1720320 ----a-w- C:\Program Files\toonboom.exe
2010-09-22 17:29:04 1387088 ----a-w- C:\Program Files\lmutil.exe
2010-09-22 17:29:02 1594960 ----a-w- C:\Program Files\lmtools.exe
2010-09-22 17:29:02 1423440 ----a-w- C:\Program Files\lmgrd.exe
2010-09-22 16:17:48 56832 ----a-w- C:\Program Files\DirectShow.dll
2010-09-22 16:17:28 46592 ----a-w- C:\Program Files\ImageWIA.dll
2010-09-22 16:16:46 419328 ----a-w- C:\Program Files\EDSDK_2_5.dll
2010-07-23 17:31:44 344064 ----a-w- C:\Program Files\cgGL.dll
2010-07-23 17:31:42 5615616 ----a-w- C:\Program Files\cg.dll
2010-01-14 16:57:54 3973120 ----a-w- C:\Program Files\qt-mt336.dll
2009-08-06 16:05:22 2070528 ----a-w- C:\Program Files\QtCore4.dll
2009-06-11 14:32:50 49152 ----a-w- C:\Program Files\wstart.exe
2009-05-12 18:57:12 7439872 ----a-w- C:\Program Files\QtGui4.dll
2009-04-23 21:44:12 1773568 ----a-w- C:\Program Files\QtDesignerComponents4.dll
2009-04-23 21:41:14 2540544 ----a-w- C:\Program Files\QtDesigner4.dll
2009-04-23 21:35:14 24064 ----a-w- C:\Program Files\QtAssistantClient4.dll
2009-04-23 21:31:32 387584 ----a-w- C:\Program Files\QtHelp4.dll
2009-04-23 21:30:16 837120 ----a-w- C:\Program Files\QtCLucene4.dll
2009-04-23 21:19:58 535040 ----a-w- C:\Program Files\QtScriptTools4.dll
2009-04-23 21:16:58 8379904 ----a-w- C:\Program Files\QtWebKit4.dll
2009-04-23 20:06:36 246272 ----a-w- C:\Program Files\QtSvg4.dll
2009-04-23 20:06:02 242688 ----a-w- C:\Program Files\phonon4.dll
2009-04-23 20:05:02 1474560 ----a-w- C:\Program Files\QtXmlPatterns4.dll
2009-04-23 20:01:24 427520 ----a-w- C:\Program Files\QtOpenGL4.dll
2009-04-23 19:58:34 2300416 ----a-w- C:\Program Files\Qt3Support4.dll
2009-04-23 19:56:18 72192 ----a-w- C:\Program Files\QtTest4.dll
2009-04-23 19:55:56 651776 ----a-w- C:\Program Files\QtScript4.dll
2009-04-23 19:53:02 181248 ----a-w- C:\Program Files\QtSql4.dll
2009-04-23 19:40:42 854528 ----a-w- C:\Program Files\QtNetwork4.dll
2009-04-23 19:39:34 319488 ----a-w- C:\Program Files\QtXml4.dll
.
============= FINISH:  9:31:04.39 ===============


#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:12:53 PM

Posted 04 December 2013 - 02:10 AM

Hi Christopher Begay and Welcome to Bleeping Computer !

I am currently looking through your logs and will advise you on what to do in my next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21


Posted 04 December 2013 - 04:25 PM

Hello Christopher Begay

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
 

  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed

Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case BitLord 2.2). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Step 2

Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

AVG Security Toolbar
Babylon Chrome Toolbar
Norton Security Scan
Search-Results Toolbar
Search Protect by conduit
SweetPacks bundle uninstaller
Yontoo 2.053


Step 3

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 4

Please Download Farbar Recovery Scan Tool

Farbar Recovery Scan Tool 64-Bit and save it to your Desktop.

  • Double Click the Program to Run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log FRST.txt and Additional.txt which will open in Notepad. Please copy and paste it to your reply.

Edited by seedy21, 04 December 2013 - 04:25 PM.



#4 seedy21


Posted 06 December 2013 - 12:34 PM

This is a 48 hour status check. We need to continue our troubleshooting to make sure there are no more threats on your machine. If you don't have any free time please reply back to this thread and we will keep it open.

If you don't reply back within 24 hours, this thread may be closed for inactivity.




#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:53 AM

Posted 10 December 2013 - 08:42 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 




