Possible infection from .scr files... Not sure if I'm infected or not


  • This topic is locked
18 replies to this topic

#1 kanade

kanade

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:55 AM

Posted 26 January 2014 - 11:27 PM

Hello.

 

This issue relates to the thread I created a few days ago (http://www.bleepingcomputer.com/forums/t/522162/accidently-clicked-scr-files-not-sure-if-im-infected-or-not/). One of the forum moderators kindly asked me to post this issue on this forum for further investigation.

Basically, I accidentally downloaded and ran two .scr files (double-clicked those files and nothing happened), which turned out to be malicious, as they infected one of my friends' computers and gained access to his email/Steam accounts. I was recommended to scan those files with online scanners provided by a mod, and out of three, one of them detected the files as malicious (on VirusTotal, only one antivirus detected the files as malicious).

 

Furthermore, I've taken small steps to clean up/protect myself temporarily:

- Performed various scans (these were done during normal boot, not safe mode):

        > Microsoft Security Essentials: ran a quick scan and found nothing. I also scanned those two .scr files individually and it didn't report any malicious items

        > Malwarebytes Anti-Malware: also ran a quick scan and it only found adverts and one minor item (PUP.Optional.CrossRider.A)

        > Spybot - Search & Destroy: found only minor items (Microsoft Windows Active Desktop and alert.dll by Conduit)

- Changed passwords for my main email, steam, paypal and bank account (these are the most important ones I could think of)

- My main browser is Firefox:

        > Deleted saved passwords for all sites

        > Deleted login details for all sites

I also followed the steps from http://www.bleepingcomputer.com/forums/t/511167/scr-virus/:

- Security Check and RKill: I have the log files ready, so please let me know if you want me to post them in my next reply

- ESET Online Scanner: I performed this scan twice

        > The first time, I was at 75% of the scan when the browser crashed; it automatically stopped and cleaned the detected malicious items (there were 18 and 16 of them were cleaned)

        > The second time, the scan finished without any problems and it detected no malicious items. I had checked the quarantine and delete boxes and clicked "finish". Unfortunately, I forgot to save the log files before deleting ESET from my computer

 

 

Here are the details from DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.45.2
Run by Eric at 14:49:12 on 2014-01-27
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.8183.5459 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
D:\__--USERS--__\Tenshi_\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\WTFast\WTFast.exe
C:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uProxyOverride = local;<local>
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - LocalServer32 - <no file>
uURLSearchHooks: {94366e2c-9923-431c-b0d6-747447dd0f2b} - <orphaned>
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - LocalServer32 - <no file>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - LocalServer32 - <no file>
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - LocalServer32 - <no file>
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Akamai NetSession Interface] "C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe"
mRun: [ghost] D:\__--Users--__\Tenshi_\Documents\GIGABYTE\AIVIA GHOST\ghostopen.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTET~1.LNK - C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: ??? ????(&Q) - <no file>
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: ??? ????(&Q) - <no file>
IE: ??? EXIF ?? ?? - <no file>
IE: タフケフチ・EXIF チ、コク コクア - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: %SystemRoot%\system32\WTFastDrv.dll
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{D5A1179C-22DB-49E3-B184-B758D8E502F4} : NameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: 0aMCPClient - <orphaned>
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [SoftEther VPN Client UI Helper] "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\
FF - prefs.js: browser.startup.homepage - hxxps://lms-blackboard.telt.unsw.edu.au/webapps/portal/frameset.jsp|https://blu172.mail.live.com/mail/?n=28232684&fid=1|http://forums.whirlpool.net.au/forum-replies.cfm?t=2151870|http://whirlpool.net.au/wiki/adsl_modem_router_bridge_mode|http://ue.logitech.com/en-au/product/ue900|http://www.amiami.com/|http://www.play-asia.com/cart.html|http://www.amazon.co.jp/ref=gno_logo|http://www.gensokyo.org/archives/3222|http://en.touhouwiki.net/wiki/Comics_by_Release|http://www.animetake.com/nourin-episode-3/|http://www.animetake.com/mahou-shoujo-madoka%E2%98%85magica-movie-3-hangyaku-no-monogatari/|http://www.nyaa.se/?page=search&cats=0_0&filter=0&term=sakura|http://randomc.net/2014/01/01/winter-2014-schedule/|https://nipponsei.minglong.org/index.php?section=Tracker&page=0|http://www.anime-sharing.com/forum/anime-osts-41/|http://www.mangatraders.com/|http://www.mangaupdates.com/mylist.html|http://forums.animesuki.com/|http://myanimelist.net/|http://randomc.net/|http://www.sankakucomplex.com/|http://boards.4chan.org/a/|http://boards.4chan.org/a/catalog|http://boards.4chan.org/a/res/100862569|http://www.mangatraders.com/manga/series/4046|http://boards.4chan.org/jp/catalog|http://boards.4chan.org/vg/catalog|http://www.doujinstyle.com/forum/viewtopic.php?id=7710|http://nandaka.wordpress.com/2013/12/18/pixiv-downloader-20131218/|http://www.pixiv.net/bookmark_new_illust.php?p=4|http://danbooru.donmai.us/artists?utf8=%E2%9C%93&search%5Bname%5D=null&search%5Border%5D=date&commit=Search|http://www.pixiv.net/member.php?id=4556900|http://www.pixiv.net/member.php?id=563034|http://www.pixiv.net/member.php?id=328685|http://www.pixiv.net/member.php?id=488651|http://www.pixiv.net/member.php?id=288981|http://www.pixiv.net/member.php?id=9638|http://www.pixiv.net/member.php?id=2248262|http://www.pixiv.net/member.php?id=415059|http://www.pixiv.net/member.php?id=963778|http://www.pixiv.net/member.php?id=3044849|http://www.pixiv.net/member.php?id=518934|http://www.pixiv.net/member_illust.php?id=2761932|http://www.pixiv.net/member.php?id=7333|http://www.pixiv.net/member.php?id=5626224|http://seiga.nicovideo.jp/illust/ranking/point/hourly/toho|http://www.zerochan.net/|http://www.shrinemaiden.org/forum/index.php?board=2.0|http://moriyashrine.weebly.com/official-touhou-games.html|http://www.youtube.com/|http://www.nicovideo.jp/mylist/40176006|http://www.nicovideo.jp/mylist/31075621|http://www.nicovideo.jp/mylist/40489615|http://www.nicovideo.jp/mylist/38196074|http://www.sunmism.com/2925|http://www.sunmism.com/756|http://www.sunmism.com/2645|http://www.sunmism.com/2624|http://www.sunmism.com/2559|http://www.sunmism.com/145|http://www.sunmism.com/2177|http://www.nicovideo.jp/mylist/13083520|http://www.nicovideo.jp/mylist/12786621|http://www.nicovideo.jp/mylist/25694083|http://www.nicovideo.jp/mylist/14698014|http://www.nicovideo.jp/mylist/16254406|http://www.nicovideo.jp/mylist/16269807|http://www.nicovideo.jp/mylist/13284908#+sort=6|http://www.nicovideo.jp/mylist/15193265|http://www.nicovideo.jp/mylist/10506086|http://www.nicovideo.jp/mylist/15193273|http://www.nicovideo.jp/ranking/fav/daily/all|http://www.nicovideo.jp/search/%E6%B5%B7%E5%A4%96%20%E3%83%89%E3%83%AA%E3%83%BC%E3%83%A0|http://www.nicovideo.jp/ranking/fav/daily/game|http://www.nicovideo.jp/ranking/fav/daily/toho|http://www.nicovideo.jp/ranking/fav/daily/vocaloid|http://www.nicovideo.jp/ranking/fav/daily/anime|http://ch.nicovideo.jp/portal/anime|http://www.fakku.net/|http://www.fakku.net/manga/newest|http://www.fakku.net/doujinshi/newest|http://exhentai.org/|http://doujinland.com/|http://eternalblade.gpotato.com/teaser/|http://us.bladeandsoul.com/en/|http://www.pso2.com/us/html/index.html|http://imouto.my/configuring-potplayer-for-gpu-accelerated-video-playback-with-dxva-or-cuda-and-also-high-performance-software-decoding/#comments
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - ExtSQL: 2013-12-05 03:23; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: 2013-12-05 03:30; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2013-3-6 28008]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2010-12-29 24560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-5-21 283200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 140672]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/12/29 17:28:46];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-1-19 146928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-7 239616]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2010-12-29 376304]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-7 1153368]
R2 SEVPNCLIENT;SoftEther VPN Client;C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2013-5-20 4297784]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-2-7 66328]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0056.sys [2013-5-20 28768]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-7 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-7 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-28 646248]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-3-6 44344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-25 94208]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-29 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-11-19 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-11-19 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-30 1255736]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .js: Applications\firefox.exe="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-27 00:34:49    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB7D2BB3-E92D-422A-AB16-F276A38CAB21}\mpengine.dll
2014-01-25 08:24:42    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-23 08:27:28    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{096DB7B8-0F2A-45B3-BEC3-1A81EF9351BF}\gapaengine.dll
2014-01-16 04:37:49    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-16 04:37:49    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-16 04:37:49    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-16 04:37:49    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-16 04:37:49    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-16 04:37:49    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-16 04:37:49    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-16 04:37:49    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-16 04:37:48    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-13 10:04:46    --------    d-----w-    C:\Program Files\LAV Filters
2014-01-08 16:41:26    --------    d-----w-    C:\Users\Eric\AppData\Local\ATI
2014-01-08 16:41:20    0    ----a-w-    C:\Windows\ativpsrm.bin
2014-01-08 16:39:49    --------    d-----w-    C:\ProgramData\AMD
2014-01-08 16:39:48    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2014-01-08 16:39:47    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2014-01-08 16:38:58    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2014-01-08 16:38:56    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2014-01-08 16:35:43    --------    d-----w-    C:\Program Files\ATI Technologies
2014-01-08 16:35:40    --------    d-----w-    C:\Program Files\ATI
2014-01-08 16:34:32    --------    d-----w-    C:\AMD
2014-01-07 00:43:02    --------    d-----w-    C:\Users\Eric\Cyberlink
2013-12-30 17:37:02    --------    d-----w-    C:\Windows\CheckSur
.
==================== Find3M  ====================
.
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-01-17 13:32:08    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-17 13:32:08    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-16 05:15:01    135736    ----a-w-    C:\Windows\System32\vpncmd.exe
2013-12-06 22:08:46    157736    ----a-w-    C:\Windows\System32\amdhcp64.dll
2013-12-06 22:08:22    142304    ----a-w-    C:\Windows\SysWow64\amdhcp32.dll
2013-12-06 22:07:36    78432    ----a-w-    C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36    78432    ----a-w-    C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14    71704    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14    71704    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10    143304    ----a-w-    C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46    126336    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00    115512    ----a-w-    C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38    98496    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52    1318552    ----a-w-    C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04    1100216    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16    9753752    ----a-w-    C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50    8406024    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00    8287008    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10    6630232    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20    8927704    ----a-w-    C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54    7751920    ----a-w-    C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14    13207552    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:38:52    230912    ----a-w-    C:\Windows\System32\clinfo.exe
2013-12-06 21:38:34    99840    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28    83968    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18    73728    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58    29382144    ----a-w-    C:\Windows\System32\amdocl64.dll
2013-12-06 21:35:36    24860160    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:28    63488    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-12-06 21:33:24    57344    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-12-06 21:26:44    129536    ----a-w-    C:\Windows\System32\coinst_13.251.dll
2013-12-06 21:16:40    26352128    ----a-w-    C:\Windows\System32\atio6axx.dll
2013-12-06 21:13:02    368640    ----a-w-    C:\Windows\System32\atiapfxx.exe
2013-12-06 21:12:52    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2013-12-06 21:12:50    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2013-12-06 21:12:42    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2013-12-06 21:12:40    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2013-12-06 21:12:26    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2013-12-06 21:09:18    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2013-12-06 20:58:50    22157824    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2013-12-06 20:53:18    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2013-12-06 20:53:10    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2013-12-06 20:53:04    588288    ----a-w-    C:\Windows\System32\atieclxx.exe
2013-12-06 20:52:10    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2013-12-06 20:50:36    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2013-12-06 20:22:54    96256    ----a-w-    C:\Windows\System32\amdave64.dll
2013-12-06 20:22:48    90112    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2013-12-06 20:22:42    1144320    ----a-w-    C:\Windows\System32\atiadlxx.dll
2013-12-06 20:22:38    89088    ----a-w-    C:\Windows\System32\atisamu64.dll
2013-12-06 20:22:34    80896    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2013-12-06 20:22:28    825344    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2013-12-06 20:22:12    74752    ----a-w-    C:\Windows\System32\atig6pxx.dll
2013-12-06 20:22:08    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2013-12-06 20:22:08    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2013-12-06 20:22:04    100352    ----a-w-    C:\Windows\System32\atig6txx.dll
2013-12-06 20:21:54    96768    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2013-12-06 20:21:44    626176    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2013-12-06 20:18:12    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2013-12-06 05:49:18    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2013-12-06 05:44:26    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2013-12-04 21:04:45    281872    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-12-04 21:04:36    281872    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-12-04 21:04:34    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-18 01:27:29    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
.
============= FINISH: 14:49:28.16 ===============

 

 

Luckily, there has been no sign of strange activities. That said, I'm not sure if I'm really infected or not, or when the perpetrator will get their hands on my computer/accounts. I would like to make sure that I'm safe from such attacks.

Thank you, help would be appreciated.

P.S. I'll be changing my motherboard in a week or so, at which point I will perform a clean Windows install for that new motherboard. I'll only be backing up a handful of program settings from %AppData%/"program name". Since I'll be starting out pretty new, will this completely wipe out all of the potentially infected items?

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:55 PM

Posted 31 January 2014 - 11:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/522257 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 kanade

kanade
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:55 AM

Posted 02 February 2014 - 01:44 PM

The clear description of the problem and steps I took are already explained in my opening post above. However, if you need more information or clarification please let me know.
Moreover, it's been more than a week since the incident happened and I have yet to experience any suspicious activities. As a result, I'm still not sure if I'm really infected or not... Maybe I cleaned it up while I was scanning (please refer to the steps I took), though I can't assure that my computer is perfectly free from those malicious files.
 
Lastly, I would like to say again that I'll be replacing my motherboard in a couple of days and starting fresh without imaging or cloning the old C drive.
That said, I will be copying essential files manually, and my other drives (D and E, used for storage) will be untouched and remain as they are.
 
Here is the newest DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.45.2
Run by Eric at 5:41:12 on 2014-02-03
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.8183.5947 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
D:\__--USERS--__\Tenshi_\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uProxyOverride = local;<local>
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - LocalServer32 - <no file>
uURLSearchHooks: {94366e2c-9923-431c-b0d6-747447dd0f2b} - <orphaned>
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - LocalServer32 - <no file>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - LocalServer32 - <no file>
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - LocalServer32 - <no file>
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Akamai NetSession Interface] "C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe"
mRun: [ghost] D:\__--Users--__\Tenshi_\Documents\GIGABYTE\AIVIA GHOST\ghostopen.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTET~1.LNK - C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: ??? ????(&Q) - <no file>
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: ??? ????(&Q) - <no file>
IE: ??? EXIF ?? ?? - <no file>
IE: タフケフチ・EXIF チ、コク コクア - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: %SystemRoot%\system32\WTFastDrv.dll
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{D5A1179C-22DB-49E3-B184-B758D8E502F4} : NameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: 0aMCPClient - <orphaned>
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [SoftEther VPN Client UI Helper] "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\
FF - prefs.js: browser.startup.homepage - hxxps://lms-blackboard.telt.unsw.edu.au/webapps/portal/frameset.jsp|https://blu172.mail.live.com/mail/?n=28232684&fid=1|http://forums.whirlpool.net.au/forum-replies.cfm?t=2151870|http://whirlpool.net.au/wiki/adsl_modem_router_bridge_mode|http://ue.logitech.com/en-au/product/ue900|http://www.amiami.com/|http://www.play-asia.com/cart.html|http://www.amazon.co.jp/ref=gno_logo|http://www.gensokyo.org/archives/3222|http://en.touhouwiki.net/wiki/Comics_by_Release|http://www.animetake.com/nourin-episode-3/|http://www.animetake.com/mahou-shoujo-madoka★magica-movie-3-hangyaku-no-monogatari/|http://www.nyaa.se/?page=search&cats=0_0&filter=0&term=sakura|http://randomc.net/2014/01/01/winter-2014-schedule/|https://nipponsei.minglong.org/index.php?section=Tracker&page=0|http://www.anime-sharing.com/forum/anime-osts-41/|http://www.mangatraders.com/|http://www.mangaupdates.com/mylist.html|http://forums.animesuki.com/|http://myanimelist.net/|http://randomc.net/|http://www.sankakucomplex.com/|http://boards.4chan.org/a/|http://boards.4chan.org/a/catalog|http://boards.4chan.org/a/res/100862569|http://www.mangatraders.com/manga/series/4046|http://boards.4chan.org/jp/catalog|http://boards.4chan.org/vg/catalog|http://www.doujinstyle.com/forum/viewtopic.php?id=7710|http://nandaka.wordpress.com/2013/12/18/pixiv-downloader-20131218/|http://www.pixiv.net/bookmark_new_illust.php?p=4|http://danbooru.donmai.us/artists?utf8=✓&search[name]=null&search[order]=date&commit=Search|http://www.pixiv.net/member.php?id=4556900|http://www.pixiv.net/member.php?id=563034|http://www.pixiv.net/member.php?id=328685|http://www.pixiv.net/member.php?id=488651|http://www.pixiv.net/member.php?id=288981|http://www.pixiv.net/member.php?id=9638|http://www.pixiv.net/member.php?id=2248262|http://www.pixiv.net/member.php?id=415059|http://www.pixiv.net/member.php?id=963778|http://www.pixiv.net/member.php?id=3044849|http://www.pixiv.net/member.php?id=518934|http://www.pixiv.net/memb
er_illust.php?id=2761932|http://www.pixiv.net/member.php?id=7333|http://www.pixiv.net/member.php?id=5626224|http://seiga.nicovideo.jp/illust/ranking/point/hourly/toho|http://www.zerochan.net/|http://www.shrinemaiden.org/forum/index.php?board=2.0|http://moriyashrine.weebly.com/official-touhou-games.html|http://www.youtube.com/|http://www.nicovideo.jp/mylist/40176006|http://www.nicovideo.jp/mylist/31075621|http://www.nicovideo.jp/mylist/40489615|http://www.nicovideo.jp/mylist/38196074|http://www.sunmism.com/2925|http://www.sunmism.com/756|http://www.sunmism.com/2645|http://www.sunmism.com/2624|http://www.sunmism.com/2559|http://www.sunmism.com/145|http://www.sunmism.com/2177|http://www.nicovideo.jp/mylist/13083520|http://www.nicovideo.jp/mylist/12786621|http://www.nicovideo.jp/mylist/25694083|http://www.nicovideo.jp/mylist/14698014|http://www.nicovideo.jp/mylist/16254406|http://www.nicovideo.jp/mylist/16269807|http://www.nicovideo.jp/mylist/13284908#+sort=6|http://www.nicovideo.jp/mylist/15193265|http://www.nicovideo.jp/mylist/10506086|http://www.nicovideo.jp/mylist/15193273|http://www.nicovideo.jp/ranking/fav/daily/all|http://www.nicovideo.jp/search/海外%20ドリーム|http://www.nicovideo.jp/ranking/fav/daily/game|http://www.nicovideo.jp/ranking/fav/daily/toho|http://www.nicovideo.jp/ranking/fav/daily/vocaloid|http://www.nicovideo.jp/ranking/fav/daily/anime|http://ch.nicovideo.jp/portal/anime|http://www.fakku.net/|http://www.fakku.net/manga/newest|http://www.fakku.net/doujinshi/newest|http://exhentai.org/|http://doujinland.com/|http://eternalblade.gpotato.com/teaser/|http://us.bladeandsoul.com/en/|http://www.pso2.com/us/html/index.html|http://imouto.my/configuring-potplayer-for-gpu-accelerated-video-playback-with-dxva-or-cuda-and-also-high-performance-software-decoding/#comments
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - ExtSQL: 2013-12-05 03:23; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: 2013-12-05 03:30; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2013-3-6 28008]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2010-12-29 24560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-5-21 283200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 140672]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/12/29 17:28:46];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-1-19 146928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-7 239616]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2010-12-29 376304]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-7 1153368]
R2 SEVPNCLIENT;SoftEther VPN Client;C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2013-5-20 4297784]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-2-7 66328]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0056.sys [2013-5-20 28768]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-7 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-7 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-28 646248]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-3-6 44344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-25 94208]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-29 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-11-19 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-11-19 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-30 1255736]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .js: Applications\firefox.exe="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-02-02 05:59:47    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A432BBE9-416D-45AF-BE0E-C056B2CBB987}\mpengine.dll
2014-02-02 00:09:06    --------    d-----w-    C:\Program Files\HoneyView3
2014-02-01 00:19:29    10315576    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-23 08:27:28    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{096DB7B8-0F2A-45B3-BEC3-1A81EF9351BF}\gapaengine.dll
2014-01-16 04:37:49    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-16 04:37:49    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-16 04:37:49    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-16 04:37:49    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-16 04:37:49    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-16 04:37:49    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-16 04:37:49    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-16 04:37:49    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-16 04:37:48    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-13 10:04:46    --------    d-----w-    C:\Program Files\LAV Filters
2014-01-08 16:41:26    --------    d-----w-    C:\Users\Eric\AppData\Local\ATI
2014-01-08 16:41:20    0    ----a-w-    C:\Windows\ativpsrm.bin
2014-01-08 16:39:49    --------    d-----w-    C:\ProgramData\AMD
2014-01-08 16:39:48    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2014-01-08 16:39:47    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2014-01-08 16:38:58    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2014-01-08 16:38:56    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2014-01-08 16:35:43    --------    d-----w-    C:\Program Files\ATI Technologies
2014-01-08 16:35:40    --------    d-----w-    C:\Program Files\ATI
2014-01-08 16:34:32    --------    d-----w-    C:\AMD
2014-01-07 00:43:02    --------    d-----w-    C:\Users\Eric\Cyberlink
.
==================== Find3M  ====================
.
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-01-17 13:32:08    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-17 13:32:08    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-16 05:15:01    135736    ----a-w-    C:\Windows\System32\vpncmd.exe
2013-12-06 22:08:46    157736    ----a-w-    C:\Windows\System32\amdhcp64.dll
2013-12-06 22:08:22    142304    ----a-w-    C:\Windows\SysWow64\amdhcp32.dll
2013-12-06 22:07:36    78432    ----a-w-    C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36    78432    ----a-w-    C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14    71704    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14    71704    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10    143304    ----a-w-    C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46    126336    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00    115512    ----a-w-    C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38    98496    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52    1318552    ----a-w-    C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04    1100216    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16    9753752    ----a-w-    C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50    8406024    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00    8287008    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10    6630232    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20    8927704    ----a-w-    C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54    7751920    ----a-w-    C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14    13207552    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:38:52    230912    ----a-w-    C:\Windows\System32\clinfo.exe
2013-12-06 21:38:34    99840    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28    83968    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18    73728    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58    29382144    ----a-w-    C:\Windows\System32\amdocl64.dll
2013-12-06 21:35:36    24860160    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:28    63488    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-12-06 21:33:24    57344    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-12-06 21:26:44    129536    ----a-w-    C:\Windows\System32\coinst_13.251.dll
2013-12-06 21:16:40    26352128    ----a-w-    C:\Windows\System32\atio6axx.dll
2013-12-06 21:13:02    368640    ----a-w-    C:\Windows\System32\atiapfxx.exe
2013-12-06 21:12:52    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2013-12-06 21:12:50    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2013-12-06 21:12:42    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2013-12-06 21:12:40    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2013-12-06 21:12:26    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2013-12-06 21:09:18    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2013-12-06 20:58:50    22157824    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2013-12-06 20:53:18    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2013-12-06 20:53:10    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2013-12-06 20:53:04    588288    ----a-w-    C:\Windows\System32\atieclxx.exe
2013-12-06 20:52:10    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2013-12-06 20:50:36    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2013-12-06 20:22:54    96256    ----a-w-    C:\Windows\System32\amdave64.dll
2013-12-06 20:22:48    90112    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2013-12-06 20:22:42    1144320    ----a-w-    C:\Windows\System32\atiadlxx.dll
2013-12-06 20:22:38    89088    ----a-w-    C:\Windows\System32\atisamu64.dll
2013-12-06 20:22:34    80896    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2013-12-06 20:22:28    825344    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2013-12-06 20:22:12    74752    ----a-w-    C:\Windows\System32\atig6pxx.dll
2013-12-06 20:22:08    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2013-12-06 20:22:08    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2013-12-06 20:22:04    100352    ----a-w-    C:\Windows\System32\atig6txx.dll
2013-12-06 20:21:54    96768    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2013-12-06 20:21:44    626176    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2013-12-06 20:18:12    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2013-12-06 05:49:18    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2013-12-06 05:44:26    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2013-12-04 21:04:45    281872    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-12-04 21:04:36    281872    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-12-04 21:04:34    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-18 01:27:29    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
.
============= FINISH:  5:41:29.66 ===============
 

Thank you.

#4 Oh My! (Malware Response Instructor, 35,560 posts, California)

Posted 09 February 2014 - 02:35 PM

Greetings kanade and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me and we will take a fresh look at the state of your computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
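Once the FRST.txt and Addition.txt logs requested above are posted, the helper reads them entry by entry looking for a handful of recurring signals: registrations whose target file is gone ("No File"), autostarts with no company name or living in user-writable folders, cached removable-drive autorun commands (MountPoints2), search providers pointing at an unexpected host, and third-party Winsock LSPs. The script below is an added example, not part of this thread or of FRST itself, that applies those checks to constructed sample lines written in FRST's own line format. The allowlist of search hosts and the list of user-writable path fragments are assumptions made for the example, and the company name FRST prints in parentheses comes from the file's version information rather than a verified signature, so the script treats it only as weak evidence.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample in FRST.txt line format (modelled on entries seen in this
# thread, with the SID and some paths shortened); not a real log.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [ghost] - D:\Tools\AIVIA GHOST\ghostopen.exe [191488 2012-09-18] ()
HKU\S-1-5-21-1000\...\Run: [Akamai NetSession Interface] - C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1000\...\MountPoints2: F - F:\Run.exe
SSODL-x32: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} -  No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?q={searchTerms}
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
Winsock: Catalog9 01 C:\Windows\SysWow64\WTFastDrv.dll [72296] (Initex)
""".strip().splitlines()


@dataclass
class Finding:
    severity: str   # "suspicious" | "review" | "info"
    reason: str
    line: str


# Line shapes as FRST prints them: hive\...\Run: [name] - path [size date] (company)
RUN_RE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] - (?P<path>.+?)'
    r'(?: \[(?P<size>\d+) (?P<date>[\d-]+)\])?(?: \((?P<publisher>[^)]*)\))?\s*$')
MOUNTPOINT_RE = re.compile(r'\\MountPoints2: (?P<key>\S+) - (?P<cmd>.+?)\s*$')
SEARCH_RE = re.compile(r'^SearchScopes: .*? URL = (?P<url>\S*)')
STARTPAGE_RE = re.compile(r'Start Page = (?P<url>\S+)')
WINSOCK_RE = re.compile(
    r'^Winsock: (?P<catalog>\S+) \d+ (?P<path>.+?) \[\d+\] \((?P<publisher>[^)]*)\)\s*$')
NO_FILE_RE = re.compile(r'\bNo File\s*$')

# Assumption for this example: search hosts the analyst accepts as legitimate.
TRUSTED_SEARCH = ("google.com", "google.com.au", "bing.com", "yahoo.com", "duckduckgo.com")
# Assumption: path fragments any user-level process can write to. An autostart
# there deserves a second look even when a company name is present.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def host_trusted(url: str) -> bool:
    """True when the URL's host is, or is a subdomain of, an allowlisted search domain."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_SEARCH)


def classify(line: str) -> Optional[Finding]:
    """Map one FRST line to a finding, or None for lines this triage does not rate."""
    if NO_FILE_RE.search(line):
        return Finding("info", "registration whose target file is missing (orphan; clean-up candidate)", line)
    m = MOUNTPOINT_RE.search(line)
    if m:
        # MountPoints2 keeps the autorun command Windows last saw for a removable drive.
        return Finding("review", f"cached autorun command for removable drive {m['key']}: {m['cmd']}", line)
    m = RUN_RE.match(line)
    if m:
        publisher = m["publisher"]          # "" when FRST printed "()"
        path = m["path"].lower()
        if not publisher:
            return Finding("review", f"autostart '{m['name']}' has no company name in its version info", line)
        if any(frag in path for frag in USER_WRITABLE):
            return Finding("review", f"autostart '{m['name']}' runs from a user-writable location", line)
        return Finding("info", f"autostart '{m['name']}' claims company '{publisher}' (version info, not a signature check)", line)
    m = SEARCH_RE.match(line) or STARTPAGE_RE.search(line)
    if m:
        url = m["url"]
        if not url:
            return Finding("info", "empty search scope URL", line)
        host = urlparse(url).hostname or ""
        if host_trusted(url):
            return Finding("info", f"search/start page host {host} is on the allowlist", line)
        return Finding("suspicious", f"search provider points at {host}, not on the allowlist (possible hijack/PUP)", line)
    m = WINSOCK_RE.match(line)
    if m:
        return Finding("info", f"third-party Winsock LSP {m['path']} ({m['publisher']}); confirm it belongs to installed software", line)
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run classify() over every line and keep the rated ones."""
    return [f for f in (classify(l) for l in lines) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so the analyst sees the worst items first."""
    counts = {"suspicious": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = ("suspicious", "review", "info")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:10}] {f.reason}\n             {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

To run it over a real log, read FRST.txt as text and pass its lines to triage(); the script only rates the line shapes above and silently skips the rest (the process list, the one-month file lists and so on), so a line that returns None has not been cleared, it simply has not been looked at. The ratings are a reading aid for the analyst doing exactly what this thread does by hand, not a verdict.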

#5 kanade (Topic Starter, Members, 13 posts)

Posted 09 February 2014 - 08:24 PM

Thank you Oh My!, I really appreciate your help.

Here are the FRST results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03
Ran by Eric (administrator) on ERIC-PC on 10-02-2014 12:18:09
Running from C:\Users\Eric\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Akamai Technologies, Inc.) C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Akamai Technologies, Inc.) C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
() D:\__--USERS--__\Tenshi_\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(BitTorrent Inc.) C:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-24] (Logitech Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] - C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4297784 2014-02-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [ghost] - D:\__--Users--__\Tenshi_\Documents\GIGABYTE\AIVIA GHOST\ghostopen.exe [191488 2012-09-18] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\MountPoints2: F - F:\Run.exe
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL-x32: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} -  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
URLSearchHook: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
URLSearchHook: HKCU - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
URLSearchHook: HKCU - (No Name) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - No File
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F2D03B0F-919C-4BB0-B43C-AE281C3ADC87}&mid=27c7f56d32624f2aae43ac40d5cb5c58-cf6a29802a19c4681a3309adafb6c02514edbc37&lang=en&ds=bm011&pr=sa&d=2012-05-19 15:57:34&v=11.1.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0323A483-715B-4AA2-8BC1-1DDD2D35E6B8} URL = http://search.avg.com/?d=4e224b72&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F2D03B0F-919C-4BB0-B43C-AE281C3ADC87}&mid=27c7f56d32624f2aae43ac40d5cb5c58-cf6a29802a19c4681a3309adafb6c02514edbc37&lang=en&ds=bm011&pr=sa&d=2012-05-19 15:57:34&v=11.1.0.7&sap=dsp&q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {0349EF81-B9C1-4B97-86F7-7B931D0E2532} http://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 06 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 07 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 15 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9-x64 01 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 02 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 06 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 07 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 15 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Tcpip\..\Interfaces\{D5A1179C-22DB-49E3-B184-B758D8E502F4}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default
FF Homepage: https://lms-blackboard.telt.unsw.edu.au/webapps/portal/frameset.jsp|https://blu172.mail.live.com/mail/?n=28232684&fid=1|hxxp://forums.whirlpool.net.au/forum-replies.cfm?t=2151870|hxxp://whirlpool.net.au/wiki/adsl_modem_router_bridge_mode|hxxp://ue.logitech.com/en-au/product/ue900|hxxp://www.amiami.com/|hxxp://www.play-asia.com/cart.html|hxxp://www.amazon.co.jp/ref=gno_logo|hxxp://www.gensokyo.org/archives/3222|hxxp://en.touhouwiki.net/wiki/Comics_by_Release|hxxp://www.animetake.com/nourin-episode-3/|hxxp://www.animetake.com/mahou-shoujo-madoka%E2%98%85magica-movie-3-hangyaku-no-monogatari/|hxxp://www.nyaa.se/?page=search&cats=0_0&filter=0&term=sakura|hxxp://randomc.net/2014/01/01/winter-2014-schedule/|https://nipponsei.minglong.org/index.php?section=Tracker&page=0|hxxp://www.anime-sharing.com/forum/anime-osts-41/|hxxp://www.mangatraders.com/|hxxp://www.mangaupdates.com/mylist.html|hxxp://forums.animesuki.com/|hxxp://myanimelist.net/|hxxp://randomc.net/|hxxp://www.sankakucomplex.com/|hxxp://boards.4chan.org/a/|hxxp://boards.4chan.org/a/catalog|hxxp://boards.4chan.org/a/res/100862569|hxxp://www.mangatraders.com/manga/series/4046|hxxp://boards.4chan.org/jp/catalog|hxxp://boards.4chan.org/vg/catalog|hxxp://www.doujinstyle.com/forum/viewtopic.php?id=7710|hxxp://nandaka.wordpress.com/2013/12/18/pixiv-downloader-20131218/|hxxp://www.pixiv.net/bookmark_new_illust.php?p=4|hxxp://danbooru.donmai.us/artists?utf8=%E2%9C%93&search%5Bname%5D=null&search%5Border%5D=date&commit=Search|hxxp://www.pixiv.net/member.php?id=4556900|hxxp://www.pixiv.net/member.php?id=563034|hxxp://www.pixiv.net/member.php?id=328685|hxxp://www.pixiv.net/member.php?id=488651|hxxp://www.pixiv.net/member.php?id=288981|hxxp://www.pixiv.net/member.php?id=9638|hxxp://www.pixiv.net/member.php?id=2248262|hxxp://www.pixiv.net/member.php?id=415059|hxxp://www.pixiv.net/member.php?id=963778|hxxp://www.pixiv.net/member.php?id=3044849|hxxp://www.pixiv.net/member.php?id=518934|hxxp://www.pixiv.net/member_illust.php?id=2761932|hxxp://www.pixiv.net/member.php?id=7333|hxxp://www.pixiv.net/member.php?id=5626224|hxxp://seiga.nicovideo.jp/illust/ranking/point/hourly/toho|hxxp://www.zerochan.net/|hxxp://www.shrinemaiden.org/forum/index.php?board=2.0|hxxp://moriyashrine.weebly.com/official-touhou-games.html|hxxp://www.youtube.com/|hxxp://www.nicovideo.jp/mylist/40176006|hxxp://www.nicovideo.jp/mylist/31075621|hxxp://www.nicovideo.jp/mylist/40489615|hxxp://www.nicovideo.jp/mylist/38196074|hxxp://www.sunmism.com/2925|hxxp://www.sunmism.com/756|hxxp://www.sunmism.com/2645|hxxp://www.sunmism.com/2624|hxxp://www.sunmism.com/2559|hxxp://www.sunmism.com/145|hxxp://www.sunmism.com/2177|hxxp://www.nicovideo.jp/mylist/13083520|hxxp://www.nicovideo.jp/mylist/12786621|hxxp://www.nicovideo.jp/mylist/25694083|hxxp://www.nicovideo.jp/mylist/14698014|hxxp://www.nicovideo.jp/mylist/16254406|hxxp://www.nicovideo.jp/mylist/16269807|hxxp://www.nicovideo.jp/mylist/13284908#+sort=6|hxxp://www.nicovideo.jp/mylist/15193265|hxxp://www.nicovideo.jp/mylist/10506086|hxxp://www.nicovideo.jp/mylist/15193273|hxxp://www.nicovideo.jp/ranking/fav/daily/all|hxxp://www.nicovideo.jp/search/%E6%B5%B7%E5%A4%96%20%E3%83%89%E3%83%AA%E3%83%BC%E3%83%A0|hxxp://www.nicovideo.jp/ranking/fav/daily/game|hxxp://www.nicovideo.jp/ranking/fav/daily/toho|hxxp://www.nicovideo.jp/ranking/fav/daily/vocaloid|hxxp://www.nicovideo.jp/ranking/fav/daily/anime|hxxp://ch.nicovideo.jp/portal/anime|hxxp://www.fakku.net/|hxxp://www.fakku.net/manga/newest|hxxp://www.fakku.net/doujinshi/newest|hxxp://exhentai.org/|hxxp://doujinland.com/|hxxp://eternalblade.gpotato.com/teaser/|hxxp://us.bladeandsoul.com/en/|hxxp://www.pso2.com/us/html/index.html|hxxp://imouto.my/configuring-potplayer-for-gpu-accelerated-video-playback-with-dxva-or-cuda-and-also-high-performance-software-decoding/#comments
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.com/NexonPlugWebExtension - C:\ProgramData\Nexon\NexonPlug\npPlugWire_1.0.0.0.dll No File
FF Plugin-x32: @nexon.com/NxGame - C:\ProgramData\Nexon\NGM\npNxGame.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: pmang.jp/pmangsupport-1 - C:\GameOn\Common files\nppmangsupport.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Rikaichan Japanese-English Dictionary File - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\rikaichan-jpen@polarcloud.com [2014-01-25]
FF Extension: Rikaichan - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2013-06-17]
FF Extension: Flashblock - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-06-17]
FF Extension: Cookies Manager+ - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-11-12]
FF Extension: ImageHost Grabber - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2013-06-17]
FF Extension: Bazzacuda Image Saver Plus - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} [2014-01-25]
FF Extension: Ank Pixiv Tool - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\ankpixiv@snca.net.xpi [2013-06-17]
FF Extension: Stylish - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-12-05]
FF Extension: Image Search Options - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\{4a313247-8330-4a81-948e-b79936516f78}.xpi [2013-06-17]
FF Extension: YouTube High Definition - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2013-10-13]
FF Extension: Downloads Window - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\{a7213cf2-fa1e-4373-88ff-255d0abd3020}.xpi [2014-01-25]
FF Extension: Adblock Plus - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25]
FF Extension: Greasemonkey - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-06-17]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Eric\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: https://www.allyours.com/public/login/login.html?EntryURL=https%3A%2F%2Fwww.allyours.com%2Fhome%2Fwwsupermarkets.html
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-30]
CHR Extension: (Google Drive) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-30]
CHR Extension: (YouTube) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-30]
CHR Extension: (Google Search) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-30]
CHR Extension: (Google Wallet) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-21]
CHR Extension: (Gmail) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-30]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-11-24] (SUPERAntiSpyware.com)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 HPSLPSVC; C:\Users\Eric\AppData\Local\Temp\7zS3662\hpslpsvc64.dll [1039360 2012-08-23] (Hewlett-Packard Co.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3898872 2012-09-13] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-05] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4297784 2014-02-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [665616 2011-12-28] (Wellbia.com Co., Ltd.)

==================== Drivers (Whitelisted) ====================

R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-21] (DT Soft Ltd)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0056.sys [28768 2013-05-20] (SoftEther Project at University of Tsukuba, Japan.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2013-03-06] (Synaptics Incorporated)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-01-19] (CyberLink Corp.)
S3 ALSysIO; \??\C:\Users\Eric\AppData\Local\Temp\ALSysIO64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 X6va003; \??\C:\Users\Eric\AppData\Local\Temp\0036E6.tmp [X]
S3 X6va005; \??\C:\Users\Eric\AppData\Local\Temp\0055E15.tmp [X]
S3 X6va006; \??\C:\Users\Eric\AppData\Local\Temp\006F7E8.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 12:18 - 2014-02-10 12:18 - 00033276 _____ () C:\Users\Eric\Desktop\FRST.txt
2014-02-10 12:17 - 2014-02-10 12:18 - 00000000 ____D () C:\FRST
2014-02-10 12:16 - 2014-02-10 12:16 - 02170880 _____ (Farbar) C:\Users\Eric\Desktop\FRST64.exe
2014-02-10 00:36 - 2014-02-10 00:36 - 00003288 _____ () C:\Windows\System32\Tasks\{240DAB3D-C232-4B0F-BF61-3F4E1B9D3617}
2014-02-06 11:58 - 2014-02-10 12:11 - 00000142 _____ () C:\Users\Eric\Desktop\TO DO TO DO BEFORE BACKUP!!!.txt
2014-02-06 10:41 - 2014-02-06 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-06 09:43 - 2014-02-06 09:43 - 00000000 ____D () C:\Program Files\HoneyView3
2014-02-03 05:47 - 2014-02-10 11:10 - 00005371 _____ () C:\Windows\comsetup.log
2014-01-26 18:13 - 2014-01-26 18:13 - 00000000 _____ () C:\dfu.log
2014-01-16 15:37 - 2013-11-27 12:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 15:37 - 2013-11-27 12:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 15:37 - 2013-11-27 12:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 15:37 - 2013-11-27 12:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 15:37 - 2013-11-27 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 15:37 - 2013-11-27 12:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 15:37 - 2013-11-27 12:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 15:37 - 2013-11-26 22:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 15:37 - 2013-11-26 21:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 21:04 - 2014-01-13 21:28 - 00000000 ____D () C:\Program Files\LAV Filters

==================== One Month Modified Files and Folders =======

2014-02-10 12:18 - 2014-02-10 12:18 - 00033276 _____ () C:\Users\Eric\Desktop\FRST.txt
2014-02-10 12:18 - 2014-02-10 12:17 - 00000000 ____D () C:\FRST
2014-02-10 12:18 - 2010-12-31 17:17 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\uTorrent
2014-02-10 12:16 - 2014-02-10 12:16 - 02170880 _____ (Farbar) C:\Users\Eric\Desktop\FRST64.exe
2014-02-10 12:11 - 2014-02-06 11:58 - 00000142 _____ () C:\Users\Eric\Desktop\TO DO TO DO BEFORE BACKUP!!!.txt
2014-02-10 12:06 - 2013-01-20 11:52 - 00000000 ___DC () C:\Users\Eric\AppData\Local\MigWiz
2014-02-10 11:39 - 2013-06-30 13:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 11:10 - 2014-02-03 05:47 - 00005371 _____ () C:\Windows\comsetup.log
2014-02-10 09:04 - 2010-12-29 13:59 - 01308625 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 07:39 - 2013-06-30 13:15 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 05:49 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\registration
2014-02-10 01:57 - 2011-01-08 10:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-10 01:44 - 2009-07-14 15:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 01:44 - 2009-07-14 15:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 01:42 - 2012-01-18 12:37 - 00419730 _____ () C:\Windows\system32\perfh011.dat
2014-02-10 01:42 - 2012-01-18 12:37 - 00123052 _____ () C:\Windows\system32\perfc011.dat
2014-02-10 01:42 - 2012-01-18 12:26 - 00423246 _____ () C:\Windows\system32\perfh012.dat
2014-02-10 01:42 - 2012-01-18 12:26 - 00121210 _____ () C:\Windows\system32\perfc012.dat
2014-02-10 01:42 - 2009-07-14 16:13 - 01865700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-10 01:37 - 2013-08-07 06:42 - 00016345 _____ () C:\Windows\setupact.log
2014-02-10 01:37 - 2013-04-13 01:07 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-02-10 01:37 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 01:36 - 2013-09-25 02:00 - 00327084 _____ () C:\Windows\PFRO.log
2014-02-10 00:36 - 2014-02-10 00:36 - 00003288 _____ () C:\Windows\System32\Tasks\{240DAB3D-C232-4B0F-BF61-3F4E1B9D3617}
2014-02-10 00:35 - 2010-12-31 17:18 - 00000000 ____D () C:\Program Files (x86)\uTorrentBar
2014-02-10 00:14 - 2012-01-26 05:46 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Mp3tag
2014-02-08 19:51 - 2012-05-15 01:13 - 00000000 ____D () C:\Users\Eric\AppData\Local\Paint.NET
2014-02-06 14:45 - 2012-05-04 09:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-06 10:46 - 2011-01-05 18:34 - 00000000 ____D () C:\Users\Eric\AppData\Local\Adobe
2014-02-06 10:45 - 2013-08-06 05:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 10:45 - 2013-08-06 05:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 10:41 - 2014-02-06 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-06 09:43 - 2014-02-06 09:43 - 00000000 ____D () C:\Program Files\HoneyView3
2014-01-29 17:15 - 2012-10-28 05:09 - 00000000 ___RD () C:\Users\Eric\Desktop\Converting~
2014-01-29 16:46 - 2012-11-04 21:46 - 00000000 ___RD () C:\Users\Eric\Desktop\やっている ゲーム
2014-01-27 05:06 - 2010-12-31 17:18 - 00000000 ____D () C:\Program Files (x86)\ConduitEngine
2014-01-26 23:07 - 2012-01-07 20:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-26 22:59 - 2012-01-07 19:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-26 18:13 - 2014-01-26 18:13 - 00000000 _____ () C:\dfu.log
2014-01-19 18:33 - 2013-01-20 03:51 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-16 16:15 - 2012-07-18 04:28 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2014-01-16 15:55 - 2009-07-14 15:45 - 00431040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 15:42 - 2010-12-29 16:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 15:41 - 2013-07-14 17:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 15:39 - 2010-12-29 18:50 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 22:08 - 2013-12-30 02:02 - 00000000 ____D () C:\Users\Eric\Desktop\pixivutil20131218
2014-01-13 21:28 - 2014-01-13 21:04 - 00000000 ____D () C:\Program Files\LAV Filters
2014-01-13 21:04 - 2012-12-15 13:46 - 00000000 ____D () C:\Program Files (x86)\LAV Filters

Files to move or delete:
====================
C:\ProgramData\PKP_DLet.DAT


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 07:14

==================== End Of Log ============================


Here is additional log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2014 03
Ran by Eric at 2014-02-10 12:18:40
Running from C:\Users\Eric\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
µTorrent (HKCU Version: 3.3.2.30260 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AIVIA GHOST (x32 Version: 1.04.0000 - GIGABYTE)
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (x32 Version:  - )
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Auslogics Disk Defrag (x32 Version: 3.6 - Auslogics Software Pty Ltd)
AviSynth 2.5 (x32 Version:  - )
Awesome Duplicate Photo Finder v. 1.0.1 (x32 Version:  - Duplicate-Finder.com)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C309a (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 3.26 - Piriform)
CodecInstaller 2.10.2 (x32 Version: 2.10.2 - JockerSoft)
Conduit Engine (x32 Version:  - Conduit Ltd.) <==== ATTENTION
Content Manager Assistant for PlayStation® (x32 Version: 2.50.6733.38 - Sony Computer Entertainment Inc.)
ContentSAFER for Wizmax (x32 Version:  - )
Core Temp 1.0 RC4 (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (x32 Version:  - Valve)
CrystalDiskInfo 6.0.4 Shizuku Edition (x32 Version: 6.0.4 - Crystal Dew World)
CyberLink BD Advisor 2.0 (x32 Version:  - )
CyberLink Blu-ray Disc Suite (x32 Version: 7.0.2407 - CyberLink Corp.)
CyberLink Blu-ray Disc Suite (x32 Version: 7.0.2407 - CyberLink Corp.) Hidden
CyberLink InstantBurn (x32 Version: 5.0.6210 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2623 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2623 - CyberLink Corp.) Hidden
CyberLink MediaShow (x32 Version: 5.0.1423 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1423 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerBackup (x32 Version: 2.5.6023 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2519.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2519.50 - CyberLink Corp.) Hidden
CyberLink PowerProducer (x32 Version: 5.0.2.2429 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.2429 - CyberLink Corp.) Hidden
DAEMON Tools Lite (x32 Version: 4.47.1.0333 - Disc Soft Ltd)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
EmoDio (x32 Version: 1.0 - Samsung)
EmoDio (x32 Version: 1.0 - Samsung) Hidden
erLC (x32 Version: 1.20.0137 - Logicool, Inc.) Hidden
erLT (x32 Version: 1.20.137.31 - Logitech, Inc.) Hidden
eXceed 3rd - Jade Penetrate Black Package (x32 Version:  - Tennen-sozai)
Fax (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
ffdshow v1.3.4515 [2013-06-12] (x32 Version: 1.3.4515.0 - )
foobar2000 v1.1.16 (x32 Version: 1.1.16 - Peter Pawlowski)
Free Mp3 Wma Ogg Converter 7.1.2 (x32 Version:  - CyberPower Tech, Inc.)
FW LiveUpdate (x32 Version: 2.0.6.2 - SAMSUNG)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HoneyView3 (Version:  - kippler@gmail.com)
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5 (Version: 14.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Update (x32 Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
ImTOO MOV to MP4 Converter 6 (x32 Version: 6.7.0.0913 - ImTOO)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LAV Filters 0.60.0 (x32 Version: 0.60.0 - Hendrik Leppkes)
League of Legends (x32 Version: 1.3 - Riot Games)
League of Legends (x32 Version: 1.3 - Riot Games) Hidden
LightScribe System Software (x32 Version: 1.18.11.1 - LightScribe)
Logitech Gaming Software (Version: 8.35.18 - Logitech Inc.) Hidden
Logitech Gaming Software 8.35 (Version: 8.35.18 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (JPN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (KOR) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (日本語) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1(한국어) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
mIRC (x32 Version: 7.32 - mIRC Co. Ltd.)
Mozilla Firefox 27.0 (x86 en-US) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
Mp3tag v2.53 (x32 Version: v2.53 - Florian Heidenreich)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nikon File Uploader 2 (x32 Version: 2.00.0001 - Nikon)
Nikon Message Center 2 (x32 Version: 2.0.1 - Nikon)
NVIDIA Control Panel 296.10 (Version: 296.10 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
osu! (x32 Version: 0.0.0.0 - peppy)
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
PandoraTV Toolbar Updater (HKCU Version: 1.2.0.20007 - Ask.com)
PDFCreator (x32 Version: 0.9.1 - Frank Heindörfer, Philip Chinery)
PFPortChecker 1.0.39 (x32 Version: 1.0.39 - Portforward.com)
Picture Control Utility (x32 Version: 1.2.0 - Nikon)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
REACTOR (x32 Version: 1.00.0000 - ijji)
Real Alternative 2.0.2 Lite (x32 Version: 2.0.2 - )
Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011 - Realtek)
S4 League_EU (x32 Version: 1.00.0000 - )
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 14.0 - HP)
Skype™ 6.1 (x32 Version: 6.1.129 - Skype Technologies S.A.)
SmoothVideo Project version 3.1.5 (x32 Version: 3.1.5 - SVP)
SoftEther VPN Client (Version: 4.04.9412 - SoftEther VPN Project)
Soldier Front 2 (x32 Version:  - )
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Speccy (Version: 1.24 - Piriform)
SpeedFan (remove only) (x32 Version:  - )
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (Version: 5.0.1142 - SUPERAntiSpyware.com)
System Requirements Lab (x32 Version:  - )
System Requirements Lab CYRI (x32 Version: 4.5.1.0 - Husdawg, LLC)
Team Fortress 2 (x32 Version:  - Valve)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
uTorrentBar Toolbar (x32 Version: 6.2.7.3 - uTorrentBar) <==== ATTENTION
ViewNX 2 (x32 Version: 2.0.1 - Nikon)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKCU Version:  - )
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (x32 Version:  - )
World of Tanks (x32 Version:  - Wargaming.net)
WTFast 3.0 (x32 Version: 3.0.2.9 - Initex & AAA Internet Publishing)
알송 2.76 (x32 Version: v2.76 - ESTsoft Corp.)
알집 9.0 (x32 Version: v9.0 - ESTsoft Corp.)
알툴즈 업데이트 (x32 Version: v13.7 - ESTsoft Corp.)
東方星蓮船 ver 1.00a (x32 Version:  - )
東方輝針城 ver 1.00a (x32 Version:  - )
東方風神録 ver 1.00a (x32 Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 13:34 - 2013-06-30 03:13 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C3A7398-5832-4751-8DFC-DF9293ED8E92} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-20] (Piriform Ltd)
Task: {1CB7B8F9-F12B-41BC-BC4B-89276ED0C5E2} - System32\Tasks\ESTsoft RunAsStdUser 2287661Task => C:\Program Files (x86)\ESTsoft\ALSee\ALSee.exe
Task: {623B4505-FB86-4DBA-BCA5-750E6ABD9A74} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\ESTsoft\ALSong\ALSong.exe [2012-09-27] (ESTsoft Corp.)
Task: {66601FD4-16E6-4442-8353-CCDFBEB26CD8} - System32\Tasks\Core Temp Autostart Eric => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {734CC370-F08D-45DF-BD11-D258BFBA59D4} - System32\Tasks\ESTsoft RunAsStdUser 1110649Task => C:\Program Files (x86)\ESTsoft\ALSee\ALSee.exe
Task: {A95D85D3-D1A2-44DC-8375-12B7F3D39B48} - System32\Tasks\ESTsoft RunAsStdUser 1389064Task => C:\Program Files (x86)\ESTsoft\ALZip\ALZip.exe [2013-04-01] (ESTsoft Corp.)
Task: {ACF741F1-1673-4D88-AD49-67362FA2F487} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C36F6045-727D-4134-B6D3-CA5F499CE18F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30] (Google Inc.)
Task: {EC33E941-A0C4-4E98-93EC-05E208BD1D1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-29 16:06 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-06-09 18:17 - 2013-06-09 18:17 - 00012520 _____ () C:\Users\Eric\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.2.gadget\CoreTempReader.dll
2013-06-09 18:17 - 2013-06-09 18:17 - 00015080 _____ () C:\Users\Eric\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.2.gadget\GetCoreTempInfoNET.dll
2013-06-09 18:17 - 2013-06-09 18:17 - 00014056 _____ () C:\Users\Eric\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.2.gadget\SystemInfo.dll
2012-09-18 15:41 - 2012-09-18 15:41 - 00191488 _____ () D:\__--USERS--__\Tenshi_\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
2013-09-06 05:11 - 2013-12-05 08:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-06 10:41 - 2014-02-06 10:41 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Faulty Device Manager Devices =============

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2014 11:38:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (02/10/2014 11:38:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/10/2014 05:54:32 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {137d63b1-5d16-42ac-92b5-32f82334344c}

Error: (02/10/2014 01:21:17 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e4b30bb2-3994-455b-b4ba-a9a935b149fe}

Error: (02/10/2014 00:36:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74b46c6a
Faulting process id: 0x2edc
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (02/10/2014 00:36:11 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.

Program: Windows Explorer
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (02/10/2014 00:36:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: AcLayers.DLL, version: 6.1.7601.17974, time stamp: 0x507d0f4c
Exception code: 0xc000001d
Fault offset: 0x00026c6e
Faulting process id: 0x30a0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (02/10/2014 00:22:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/10/2014 00:22:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/10/2014 00:22:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (02/02/2014 04:46:50 PM) (Source: Service Control Manager) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/02/2014 04:46:35 PM) (Source: Service Control Manager) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/28/2014 05:12:26 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/27/2014 10:35:50 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer SAMSUNG-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D5A1179C-22DB-49E3-B184-B758D8E502F4}.
The master browser is stopping or an election is being forced.

Error: (01/26/2014 06:23:06 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/12/2014 07:56:36 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer SAMSUNG-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D5A1179C-22DB-49E3-B184-B758D8E502F4}.
The master browser is stopping or an election is being forced.

Error: (01/10/2014 08:29:16 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (01/10/2014 08:29:16 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/10/2014 08:12:40 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/04/2014 10:31:11 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (05/25/2013 01:32:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 248 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2011-01-21 20:56:05.005
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-21 20:56:05.001
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-21 20:55:58.636
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-21 20:55:58.632
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-21 20:51:06.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-21 20:51:06.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-21 20:50:58.366
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-21 20:50:58.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-13 10:55:10.662
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-13 10:55:10.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8183.42 MB
Available physical RAM: 5299.78 MB
Total Pagefile: 16365.02 MB
Available Pagefile: 13398.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Desktop :)) (Fixed) (Total:167.58 GB) (Free:33.55 GB) NTFS
Drive d: (MAIN NABE ^^ ) (Fixed) (Total:1863.01 GB) (Free:502.1 GB) NTFS
Drive e: (NABE~ (三)) (Fixed) (Total:465.76 GB) (Free:44.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 273AE591)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 89B2B729)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: D3696223)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=168 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,560 posts
  • Gender:Male
  • Location:California
  • Local time:03:55 PM

Posted 09 February 2014 - 11:14 PM

My pleasure.

Lots to do in this first post. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\MountPoints2: F - F:\Run.exe
SSODL-x32: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} -  No File
URLSearchHook: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
URLSearchHook: HKCU - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
URLSearchHook: HKCU - (No Name) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - No File
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF Plugin-x32: @nexon.com/NexonPlugWebExtension - C:\ProgramData\Nexon\NexonPlug\npPlugWire_1.0.0.0.dll No File
FF Plugin-x32: @nexon.com/NxGame - C:\ProgramData\Nexon\NGM\npNxGame.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: pmang.jp/pmangsupport-1 - C:\GameOn\Common files\nppmangsupport.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
S3 X6va003; \??\C:\Users\Eric\AppData\Local\Temp\0036E6.tmp [X]
S3 X6va005; \??\C:\Users\Eric\AppData\Local\Temp\0055E15.tmp [X]
S3 X6va006; \??\C:\Users\Eric\AppData\Local\Temp\006F7E8.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
C:\ProgramData\PKP_DLet.DAT
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\vtany.sys

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply
virustotal.jpg

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • Virustotal link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
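The CodeIntegrity entries in the FRST log earlier in this thread report the same driver image (\Device\HarddiskVolume2\Windows\vtany.sys) as unverifiable ten times, and the moderator asks for that file to be submitted to VirusTotal. The following Python triage helper is an added example, not code from FRST, AdwCleaner or either poster: it parses the "CodeIntegrity Errors:" section of an FRST Addition.txt, groups the flagged images by path with their timestamps, and computes the SHA-256 a defender can look up on VirusTotal before deciding whether to upload. The sample log text is constructed from the entries above; the VirusTotal hash-lookup URL form and the `file_sha256` helper for a local path are assumptions and are labelled as such in the code.

```python
"""Triage helper for the CodeIntegrity section of an FRST Addition.txt log.

Added example (not FRST's own code). Groups 'unable to verify the image
integrity' entries by image path so repeated hits for one driver collapse
into a single finding with its timestamps, then derives the SHA-256 used
for a VirusTotal hash lookup.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: three CodeIntegrity entries in the shape FRST writes
# them, followed by the next section header that terminates the block.
SAMPLE_LOG = r"""
CodeIntegrity Errors:
===================================
  Date: 2011-01-21 20:56:05.005
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-21 20:55:58.636
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-13 10:55:10.662
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\vtany.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
"""

DATE_RE = re.compile(r"^\s*Date:\s*(\S+ \S+)")
DESC_RE = re.compile(r"image integrity of the file (\S+) because (.+?)\.")


@dataclass
class ImageIntegrityFinding:
    """One flagged image: its NT device path, the reason, and every hit time."""
    path: str
    reason: str
    timestamps: List[str] = field(default_factory=list)


def parse_code_integrity(log_text: str) -> Dict[str, ImageIntegrityFinding]:
    """Return findings keyed by image path, in first-seen order."""
    findings: Dict[str, ImageIntegrityFinding] = {}
    in_section = False
    current_date = None
    for line in log_text.splitlines():
        if line.startswith("CodeIntegrity Errors:"):
            in_section = True
            continue
        if not in_section:
            continue
        # A '====' line with text inside it is the next FRST section header;
        # the bare '====' underline directly under the heading is not.
        if line.startswith("====") and line.strip("=").strip():
            break
        m = DATE_RE.match(line)
        if m:
            current_date = m.group(1)
            continue
        m = DESC_RE.search(line)
        if m and current_date:
            path, reason = m.group(1), m.group(2)
            finding = findings.setdefault(path, ImageIntegrityFinding(path, reason))
            finding.timestamps.append(current_date)
            current_date = None
    return findings


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory buffer (used for the offline self-check)."""
    return hashlib.sha256(data).hexdigest()


def file_sha256(path: str) -> str:
    """SHA-256 of a file on disk, streamed so large drivers do not load whole.

    Assumption: the caller resolves the NT device path from the log to a
    drive-letter path (the moderator above uses C:\\Windows\\vtany.sys).
    """
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def virustotal_lookup_url(sha256: str) -> str:
    """Assumption: VirusTotal's web UI resolves a known file by hash at this path.

    Looking a hash up first avoids uploading a file that may be private;
    upload (as the moderator asks) only if the hash is unknown to VT.
    """
    return f"https://www.virustotal.com/gui/file/{sha256}"


def summarize(findings: Dict[str, ImageIntegrityFinding]) -> List[str]:
    """Human-readable one-liners: path, hit count, first and last timestamp."""
    lines = []
    for f in findings.values():
        lines.append(f"{f.path}: {len(f.timestamps)} hit(s), "
                     f"{f.timestamps[-1]} .. {f.timestamps[0]}, reason: {f.reason}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_code_integrity(SAMPLE_LOG)):
        print(line)
```

Run it on a real Addition.txt by replacing SAMPLE_LOG with the file contents; a driver that appears once per boot across many days, as vtany.sys does above, is worth hashing and checking before the FRST fix removes anything.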

#7 kanade

kanade
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:55 AM

Posted 10 February 2014 - 06:56 AM

Regarding the "P2P Warning", I would like to keep using it, as it is one of the main activities I perform on my PC. More so, I only visit 2 or 3 popular sites which provide safe torrents and are downloaded/used by a lot of people. On top of that, all of the torrent files are under heavy moderation by admins and there are no such ads that trigger pop-ups/malicious Flash (I use the Adblock and Flashblock add-ons for my browser, though the sites I visit have no such ads that do this). Lastly, I always check what I download and scan it with my current AVs and online scanners before using it.

That said, yes, I'm exposing myself by using torrents; however, I believe that I can reduce the chance of getting infected if I continue being cautious, know what I'm doing and download torrents that are heavily moderated and used by many people. For the current issue, I didn't potentially get infected because of torrents but instead because I downloaded directly and ran malicious files without checking their integrity.

FYI, these are the only sites I visit when downloading torrents: http://www.nyaa.se/ and http://tokyotosho.info/.

 

I have successfully uninstalled Spybot S&D; however, a message popped up saying that there are some elements that haven't been uninstalled and thus need to be removed manually.

eP9jj8Z.png

I'm not sure what those "elements" are so could you tell me where I can find these to completely remove these programs?

 

Here is the AdwCleaner log. Also, the removed items were quarantined on the C drive (under the AdwCleaner folder). Do I delete the whole folder or leave it?

# AdwCleaner v3.018 - Report created 10/02/2014 at 21:08:52
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Eric - ERIC-PC
# Running from : C:\Users\Eric\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Users\Eric\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Eric\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Eric\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Eric\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Eric\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Eric\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Eric\AppData\Roaming\Ask.com
Folder Deleted : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\Conduit
Folder Deleted : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\ConduitEngine
File Deleted : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_iconx_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_iconx_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mirillis-action_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mirillis-action_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_powerstrip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_powerstrip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EB5F1D7D-4A93-443F-B290-F4AB20A17834}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5F1D7D-4A93-443F-B290-F4AB20A17834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EB5F1D7D-4A93-443F-B290-F4AB20A17834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA810801-5458-4267-88C5-35982E6C67D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7BC5498B-53AE-46E8-AE00-5FC8923AFD40}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{94366E2C-9923-431C-B0D6-747447DD0F2B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7nqn6ebi.default\prefs.js ]

Line Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "31-12-2010");
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Fri Dec 31 2010 18:51:35 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 156);
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "31-12-2010");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Fri Dec 31 2010 18:51:35 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LastLogin_3.2.5.2", "Fri Dec 31 2010 18:51:35 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.2.3.3");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Fri Dec 31 2010 18:51:26 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Fri Dec 31 2010 18:51:34 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1292489785");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Fri Dec 31 2010 18:51:26 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2786678.UserID", "UN97855232759509626");
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Fri Dec 31 2010 18:51:37 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "C");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Fri Dec 31 2010 18:51:35 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Fri Dec 31 2010 18:51:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/AU", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/524418/520288/AU", "\"1-198245-49903200\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666152/662013/AU", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/712195/708055/AU", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AU", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/951068/946841/AU", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1285982114\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "Zee/agZSWJctT5JcsQKOQQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "ZF/VZo7UyQBp8ghNNzhnSQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "a47lyj7cLWBfKLgeVP5JNA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "o2to7MmrsZrvbHYQMnKy6A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634289840782570000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634293235860000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634335443890000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634303635100000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634339976460000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1292489785\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634292354593700000\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.insanitypop.com/conduit/Classic_Games_Arcade_5.0/mainpage.html", "79x129");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Aug 25 2011 10:10:23 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 24 2011 22:47:05 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "22337935-9551-4134-9710-690b534d4d48");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Dec 31 2010 18:51:37 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.BrowserCompStateIsOpen_8361972901080641861", true);
Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "12/31/2010 10");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Fri Dec 31 2010 18:51:34 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Aug 24 2011 22:47:08 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Aug 25 2011 15:28:24 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=");
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Aug 25 2011 15:28:24 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN76469842327488321");
Line Deleted : user_pref("ConduitEngine.apps8361972901080641861", false);
Line Deleted : user_pref("ConduitEngine.backendstorage.appbuttondisablenull", "30");
Line Deleted : user_pref("ConduitEngine.backendstorage.campidconduitengine", "35333336353630343230");
Line Deleted : user_pref("ConduitEngine.backendstorage.casessiondatagbconduitengine", "");
Line Deleted : user_pref("ConduitEngine.backendstorage.clientalerttimeconduitengine", "5468752044656320333020323031302031393A34363A343920474D542B313130302028415553204561737465726E204461796C696768742054696D6529");
Line Deleted : user_pref("ConduitEngine.backendstorage.clientalerttokengkconduitengine", "");
Line Deleted : user_pref("ConduitEngine.backendstorage.countrycodeconduitengine", "54686973206669656C64206973206E6F7420737570706F7274656420696E2044422E20506C65617365207570677261646520796F7572204950324C6F636174696F6E[...]
Line Deleted : user_pref("ConduitEngine.backendstorage.dailydealsconduitengine", "7B2264617465223A2233312F31312F32303130222C2264617461223A7B226C696E6B223A22687474703A2F2F6465616C732E656261792E636F6D2F222C226974656D7[...]
Line Deleted : user_pref("ConduitEngine.backendstorage.ebayclientalertconduitengine", "5B5D");
Line Deleted : user_pref("ConduitEngine.backendstorage.ebayclientalertenableconduitengine", "31");
Line Deleted : user_pref("ConduitEngine.backendstorage.ebayfirsttimetokenconduitengine", "31");
Line Deleted : user_pref("ConduitEngine.backendstorage.ebayguidconduitengine", "39313261316534612D633734322D306430352D313739652D626237646561386335653664");
Line Deleted : user_pref("ConduitEngine.backendstorage.ebaysessidconduitengine", "6663554141412A2A3362396265396365313264306132333637333736313731366666666666653464");
Line Deleted : user_pref("ConduitEngine.backendstorage.signoutflag", "74727565");
Line Deleted : user_pref("ConduitEngine.counterAppsAdded", 4);
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Aug 24 2011 22:47:08 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Line Deleted : user_pref("extensions.crossrider.bic", "13b78403d2ae0908078313718fbb3c54");
Line Deleted : user_pref("extensions.enabledItems", "engine@conduit.com:3.2.5.2,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390,{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}[...]
Line Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Line Deleted : user_pref("extensions.facemoods.firstRun", false);
Line Deleted : user_pref("extensions.facemoods.lastActv", "24");
Line Deleted : user_pref("mousewheel.default.delta_multiplier_y", 300);

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [25890 octets] - [10/02/2014 21:05:16]
AdwCleaner[S0].txt - [25403 octets] - [10/02/2014 21:08:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25464 octets] ##########
 

 

Here is the log for Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x64
Ran by Eric on 10/02/2014 Mon at 22:25:20.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\RAM CPU Taskbar_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\RAM CPU Taskbar_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0323A483-715B-4AA2-8BC1-1DDD2D35E6B8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Eric\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Eric\AppData\Roaming\mozilla\firefox\profiles\7nqn6ebi.default\prefs.js

user_pref("extensions.imagesearchoptions.sitearray", "IQDB Search|1|1|chrome://ImageSearchOptions/content/images/IQDB.png;;;1|1|1|1;;;2;;;hxxp://iqdb.org;;;url=::$URL::;;;?|&;
Emptied folder: C:\Users\Eric\AppData\Roaming\mozilla\firefox\profiles\7nqn6ebi.default\minidumps [560 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/02/2014 Mon at 22:26:45.68
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Here is the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-02-2014 03
Ran by Eric at 2014-02-10 22:35:21 Run:1
Running from C:\Users\Eric\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-781708980-4270897791-1640309166-1000\...\MountPoints2: F - F:\Run.exe
SSODL-x32: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} -  No File
URLSearchHook: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
URLSearchHook: HKCU - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
URLSearchHook: HKCU - (No Name) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - No File
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF Plugin-x32: @nexon.com/NexonPlugWebExtension - C:\ProgramData\Nexon\NexonPlug\npPlugWire_1.0.0.0.dll No File
FF Plugin-x32: @nexon.com/NxGame - C:\ProgramData\Nexon\NGM\npNxGame.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: pmang.jp/pmangsupport-1 - C:\GameOn\Common files\nppmangsupport.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
S3 X6va003; \??\C:\Users\Eric\AppData\Local\Temp\0036E6.tmp [X]
S3 X6va005; \??\C:\Users\Eric\AppData\Local\Temp\0055E15.tmp [X]
S3 X6va006; \??\C:\Users\Eric\AppData\Local\Temp\006F7E8.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
C:\ProgramData\PKP_DLet.DAT
*****************

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-781708980-4270897791-1640309166-1000 => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\0aMCPClient => Value deleted successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{94366e2c-9923-431c-b0d6-747447dd0f2b} => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value not found.
HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value not found.
HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Value not found.
HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.com/NexonPlugWebExtension => Key deleted successfully.
C:\ProgramData\Nexon\NexonPlug\npPlugWire_1.0.0.0.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.com/NxGame => Key deleted successfully.
C:\ProgramData\Nexon\NGM\npNxGame.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\pmang.jp/pmangsupport-1 => Key deleted successfully.
C:\GameOn\Common files\nppmangsupport.dll not found.
HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc => Key deleted successfully.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found.
X6va003 => Service deleted successfully.
X6va005 => Service deleted successfully.
X6va006 => Service deleted successfully.
X6va008 => Service deleted successfully.
X6va009 => Service deleted successfully.
X6va010 => Service deleted successfully.
X6va011 => Service deleted successfully.
X6va012 => Service deleted successfully.
X6va013 => Service deleted successfully.
X6va015 => Service deleted successfully.
X6va016 => Service deleted successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.

==== End of Fixlog ====

 

 

Lastly, I can't find vtany.sys in the Windows folder. I also enabled showing hidden files/folders; however, I wasn't able to find the file. Is there a way to find it, or has it already been deleted?

On a side note, it seems like the file is related to gaming clients, as one user reported the same file as suspicious on the official site (http://forum.nexoneu.com/showthread.php?628319-xhunter1-sys-and-vtany-sys)

 

 

Thanks again.


Edited by kanade, 10 February 2014 - 06:57 AM.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:55 PM

Posted 10 February 2014 - 09:48 AM

Greetings,

Thanks for your thorough efforts. P2P is a personal decision but most people are not as cautious as you appear to be. Generally speaking, there is a high degree of danger in this type of file transfer so that is why the warning is always given by me.

I will have you run a program to search for vtany.sys. Yes, I know it is most likely related to a game but we need to be sure that file in particular is clean. That is not always the case as is indicated here.

Don't worry about the Spybot leftovers, they are probably related to the saving of items that may have been quarantined (neutralized) and are not automatically removed on the off chance one of the entries was quarantined in error.

Please do this, which will allow us to determine definitively whether or not the file is present and, if so, allow us a chance to check it.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
vtany.sys
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search results
  • Any issues you are noticing?

Edited by Oh My, 10 February 2014 - 09:51 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 kanade

kanade
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 10 February 2014 - 11:14 AM

I appreciate your warnings as, like you said, there is a "high degree of danger" when using P2P programs. With that in mind, I'll try to be more cautious and more alert to reduce the chance of getting infected.

 

It seems like FRST wasn't able to find vtany.sys either. I've tried three times and all of them showed the same result, shown below:

Farbar Recovery Scan Tool (x64) Version: 09-02-2014 03
Ran by Eric at 2014-02-11 03:00:43
Running from C:\Users\Eric\Desktop
Boot Mode: Normal

================== Search: "vtany.sys" ===================

====== End Of Search ======

 

As for any issues, it seems to be pretty normal as I haven't encountered any major issues. Moreover, since the day I ran those .scr files I haven't noticed any strange activities on my PC. However, these scans were very reassuring and I feel more confident that my PC is clean.

That said, this is making me quite nervous as the file is nowhere to be found.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:55 PM

Posted 10 February 2014 - 03:55 PM

For whatever reason it is not uncommon to see the reporting of a file or other entry that isn't actually there. If you look at the FRST fixlist we ran several of those entries were not found either. Specifically targeting that file in a search and coming up empty should actually be reassuring rather than troubling.

Your computer seems to be in good shape. Is there anything else I might be able to assist you with?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 kanade

kanade
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 10 February 2014 - 09:36 PM

That's very nice to hear. As long as I'm clear from possible infection I guess everything is alright.

 

Ultimately, if possible, I would like another confirmation before using my computer.


Edited by kanade, 10 February 2014 - 09:38 PM.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:55 PM

Posted 10 February 2014 - 10:10 PM

No problem,

Please run these.

===================================================

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware Free and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet and double-click on the renamed file to install the application. For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • MBAM results
  • ESET results
  • How is your computer running now? Any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 kanade

kanade
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 12 February 2014 - 07:36 PM

Sorry for the late reply, though is it possible for you to extend the waiting time?

 

There is something wrong with my current motherboard; as a result, I will have to change it to a new one. It will be done around late today or early tomorrow.

As soon as it's done, I will run those scans and post the logs as soon as possible.

 

That said, there is a high chance that I will start fresh by reinstalling the OS, meaning all of the data on my C drive (i.e. SSD) will be scrapped. However, I've manually backed up some settings/files, and the data on my other HDD hasn't been touched, so regardless I will do the scans just to make sure.

 

Thanks for understanding, and I will post the logs as soon as all of this is over.


Edited by kanade, 12 February 2014 - 07:37 PM.


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:55 PM

Posted 12 February 2014 - 07:38 PM

No problem at all.  Thanks for keeping me updated.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 kanade

kanade
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 13 February 2014 - 11:19 PM

Alright, I've just replaced my motherboard, with a fresh OS install.

I haven't installed much, though I've brought over a handful of last remnants to preserve some settings. That said, both scans detected some malicious files.

 

For Malwarebytes, there were two logs:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.12.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
KIM :: KIM-PC30546 [administrator]

13/02/2014 12:36:51 PM
mbam-log-2014-02-13 (12-36-51).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 602463
Time elapsed: 1 hour(s), 20 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
D:\SYSTEM Backup (Do NOT Delete)\En Win7\Win7 UTIL\coretemp_1236.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
D:\♦ PSV + PSP_\☻ PSP (Hack + Backup)__\Hack~\OLD 5.03 GEN~\5-03gen-for-hen_1244382677.zip (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
KIM :: TENSHI [administrator]

14/02/2014 7:13:18 AM
mbam-log-2014-02-14 (07-13-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212665
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\KIM\AppData\Local\Temp\bitool.dll (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\KIM\Local Settings\Temporary Internet Files\Content.IE5\TQCM9NF1\video-saver_2070-2127[1].exe (PUP.Optional.Bundler) -> Quarantined and deleted successfully.
C:\Users\KIM\Local Settings\Temporary Internet Files\Content.IE5\ZVSO7WRV\BiTool[1].dll (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\KIM\Local Settings\Temporary Internet Files\Content.IE5\ZVSO7WRV\PFPortChecker3Offers_8007[1].exe (PUP.Optional.InstallMonetizer.A) -> Quarantined and deleted successfully.

(end)
 

 

For ESET:

C:\Users\KIM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGKQ5G5I\easyspeedpc702B[1].data    multiple threats    deleted - quarantined
D:\__--USERS--__\Downloads\awesome_photo_finder.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
D:\__--USERS--__\Downloads\ccsetup410.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
D:\__--USERS--__\Downloads\coretemp_d7632790.exe    a variant of Win32/InstallIQ.A potentially unwanted application    deleted - quarantined
D:\__--USERS--__\Downloads\CrystalDiskInfo6_1_8ShizukuUltimate-en.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
D:\__--USERS--__\Downloads\disk-defrag-setup.exe    a variant of Win32/OpenCandy.A potentially unsafe application    deleted - quarantined
D:\__--USERS--__\Downloads\DTLite4481-0347.exe    Win32/DownWare.L potentially unwanted application    deleted - quarantined
D:\__--USERS--__\Downloads\FreeMp3WmaOggConverter.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
D:\__--USERS--__\Downloads\spsetup125.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined

FYI, all these .exe files were downloaded and installed as soon as I replaced my mobo. Though I'm kind of surprised that they are "potentially unsafe"... All of these are pretty well known and I haven't encountered any problems with them on my old system. Do I need to delete all of these programs?

 

As for the performance, well I've just replaced my motherboard and CPU so everything is running very smoothly and fairly faster than my previous system.

 

Ultimately, is this enough? Did we do everything to get rid of the "potential" infections or do we still need to carry on until everything is working 110%?


Edited by kanade, 13 February 2014 - 11:24 PM.




