Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anti-Malware Programs find same infections even after clean/restart


  • This topic is locked This topic is locked
8 replies to this topic

#1 Woodchuckeroo

Woodchuckeroo

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 04 February 2014 - 07:52 PM

I recently began getting notifications upon startup that "Program -random number and letter combination-.exe could not initialize". This seemed suspicious, so I opened up task manager and, sure enough, I had some processes running that definitely weren't normal. A couple that stuck out were 'tumblr.exe' and 'MyImgur.exe'. Now, I use both those sites fairly regularly, but I've never known them to cause any processes to run on my computer, and I didn't even have a browser open at the time. There are typically multiple instances of these random processes running. I can end a few of them, but others say access is denied when I try.

 

Just this morning I began to get prompts from windows asking if I'd like to allow command prompt to make changes to my computer. I've tried running antivirus scans, anti-rootkit programs, etc. They always find and quarantine roughly 30 infected files, but when I restart to do full removal, I still get the "Program -random number and letter combination-.exe could not initialize" notifications upon startup, and I find that subsequent scans still find the same number of problems. I ran DDS, and I'll post my results below. Any help is very much appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.45.2
Run by Jake at 11:31:56 on 2014-02-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.5648 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\27218346293184.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\runservice.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\ProgramData\{$1284-9213-2940-1289$}\drivedll.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\SysWOW64\WScript.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com/
uDefault_Page_URL = hxxp://www.dell.com
uWindows: Load = C:\ProgramData\{$1284-9213-2940-1289$}\drivedll.exe
mWinlogon: Userinit = userinit.exe,
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Facebook Update] "C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Spotify Web Helper] "C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Default Key] C:\Users\Jake\AppData\Roaming\Default Folder\Default File.exe
uRun: [dll.exe] C:\Users\Jake\AppData\Roaming\drive\l.exe
uRun: [Installer] C:\Users\Jake\Documents\DCSCMIN\VBjCoy9T9DCQ\IMDCSC.exe
uRun: [windows] C:\Users\Jake\AppData\Roaming\service.exe
uRun: [Tumblr] C:\Users\Jake\Documents\DCSCMIN\pgLoRuTR2Ldn\pgLoRuTR2Ldn\Tumblr.exe
uRun: [Photobooth] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jake\AppData\Roaming\Photobooth.jar"
uRun: [java] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jake\AppData\Local\Temp\-1743791802.jar"
uRun: [jR] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jake\AppData\Local\Temp\51645.jar"
uRun: [sys] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jake\AppData\Roaming\sys.jar"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Anonymous.exe
StartupFolder: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url
StartupFolder: C:\Users\Jake\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iuBrowser.exe
StartupFolder: C:\Users\Jake\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tumblr.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/nirvana/controls/pcmatic.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{7A35A04C-2F02-4B49-9DE0-E501F225955E} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7A35A04C-2F02-4B49-9DE0-E501F225955E}\2656C6B696E6E2035623 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7A35A04C-2F02-4B49-9DE0-E501F225955E}\2656C6B696E6E2134653 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7A35A04C-2F02-4B49-9DE0-E501F225955E}\34D43413 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{7A35A04C-2F02-4B49-9DE0-E501F225955E}\7557D24516E67602C414E4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7A35A04C-2F02-4B49-9DE0-E501F225955E}\94E6475627E656470A23E203 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7A35A04C-2F02-4B49-9DE0-E501F225955E}\E4544574541425F5745756374713 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D6EA9F1D-2567-4831-8B37-43128A2DB63C} : DHCPNameServer = 72.44.127.5 72.44.127.4 216.234.97.3 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - <orphaned>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE
x64-Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE
x64-Run: [FreeFallProtection] .EXE
x64-Run: [BTMTrayAgent] TEL\BLUETOOTH\BTMSHELL.DLL",TRAYAPP
x64-Run: [IntelWireless] TEL WIRELESS TRAY
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] CE.VBS"
x64-Run: [AdobeAAMUpdater-1.0]  FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_046&u=USERGUID&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Jake\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jake\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-10-28 32032]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-13 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-6-14 21616]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-10-28 300320]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-14 98208]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-7-10 75144]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-7-10 385416]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2013-12-18 2560]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-8-24 386344]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-13 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-13 2656280]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-6-14 27760]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-1-24 58128]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-1-24 274944]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-1-23 176000]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-1-24 59904]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-14 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-14 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-14 181760]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-6-14 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-14 412264]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
S3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-7-10 397704]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-14 158976]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-6-14 174168]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2011-6-14 121960]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-04 16:18:36    --------    d-----w-    C:\Users\Jake\AppData\Roaming\dclogs
2014-02-04 01:43:01    82872    ----a-w-    C:\Windows\System32\drivers\sbapifs.sys
2014-02-04 01:42:45    --------    d-----w-    C:\ProgramData\PCPitstop
2014-02-04 01:42:40    --------    d-----w-    C:\Program Files (x86)\PCPitstop
2014-02-03 22:22:19    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0938D335-B54F-43FB-BB69-6765D68D80F4}\mpengine.dll
2014-02-03 00:58:19    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-03 00:49:11    --------    d-----w-    C:\Users\Jake\AppData\Roaming\drive
2014-01-31 21:33:11    661504    --sha-r-    C:\ProgramData\27218346293184.exe
2014-01-31 21:33:11    --------    d--h--w-    C:\ProgramData\{$1284-9213-2940-1289$}
2014-01-29 16:50:58    50    ----a-w-    C:\Users\Jake\AppData\Roaming\raio93.tmp
2014-01-29 16:50:53    --------    d-----w-    C:\Users\Jake\AppData\Roaming\imlgs
2014-01-29 16:50:53    --------    d-----w-    C:\Users\Jake\AppData\Roaming\Default Folder
2014-01-23 15:23:59    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D569EFE-C5B9-4533-8B8F-1804782C1C90}\gapaengine.dll
.
==================== Find3M  ====================
.
2014-02-04 16:18:16    1529    --sha-w-    C:\Windows\SysWow64\mmf.sys
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-18 08:53:11    126976    ----a-w-    C:\Windows\lcmmfu.cpl
2013-12-18 08:53:10    48640    ----a-w-    C:\Windows\mmfs.dll
2013-12-18 08:53:10    2560    ----a-w-    C:\Windows\Runservice.exe
2013-12-11 01:23:29    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 01:23:29    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-22 00:58:29    1246474    ----a-w-    C:\Users\Jake\AppData\Roaming\service.exe
2013-11-18 07:39:24    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-10 06:24:39    5245    --sha-w-    C:\Users\Jake\N71V74D.exe
.
============= FINISH: 11:35:55.41 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 05 February 2014 - 03:59 AM

Hi there,

there are indeed quite a few malware entries in your log..


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#3 Woodchuckeroo

Woodchuckeroo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 05 February 2014 - 12:59 PM

Thanks so much for the reply. Here are the contents of the combofix log file:

 

ComboFix 14-02-05.02 - Jake 02/05/2014  12:42:13.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.5555 [GMT -5:00]
Running from: c:\users\Jake\Downloads\Music\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Crack
c:\program files (x86)\Crack\Civ4v109.exe
c:\program files (x86)\Crack\Civilization4.exe
c:\programdata\27218346293184.exe
c:\programdata\Roaming
c:\users\Jake\AppData\Roaming\dclogs
c:\users\Jake\AppData\Roaming\Love
c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Anonymous.exe
c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url
c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iuBrowser.exe
c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tumblr.exe
c:\users\Jake\AppData\Roaming\msconfig.ini
c:\users\Jake\AppData\Roaming\raio93.tmp
c:\users\Jake\AppData\Roaming\service.exe
c:\users\Jake\Documents\~WRL0602.tmp
c:\users\Jake\Documents\~WRL0702.tmp
c:\users\Jake\Documents\~WRL0924.tmp
c:\users\Jake\Documents\DCSCMIN
c:\users\Jake\Documents\DCSCMIN\IMDCSC.exe
c:\users\Jake\Documents\DCSCMIN\pgLoRuTR2Ldn\Tumblr.exe
c:\users\Jake\Documents\DCSCMIN\Tumblr.exe
c:\users\Jake\Documents\DCSCMIN\VBjCoy9T9DCQ\IMDCSC.exe
c:\users\Jake\N71V74D.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\frapsvid.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-05 to 2014-02-05  )))))))))))))))))))))))))))))))
.
.
2014-02-05 17:50 . 2014-02-05 17:50    --------    d-----w-    c:\users\matt\AppData\Local\temp
2014-02-05 17:50 . 2014-02-05 17:50    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-05 17:50 . 2014-02-05 17:50    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-02-04 01:43 . 2012-10-24 18:39    82872    ----a-w-    c:\windows\system32\drivers\sbapifs.sys
2014-02-04 01:42 . 2014-02-04 16:18    --------    d-----w-    c:\programdata\PCPitstop
2014-02-04 01:42 . 2014-02-04 16:23    --------    d-----w-    c:\program files (x86)\PCPitstop
2014-02-03 22:22 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0938D335-B54F-43FB-BB69-6765D68D80F4}\mpengine.dll
2014-02-03 00:58 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-03 00:49 . 2014-02-03 04:44    --------    d-----w-    c:\users\Jake\AppData\Roaming\drive
2014-01-31 21:33 . 2014-02-04 22:42    --------    d--h--w-    c:\programdata\{$1284-9213-2940-1289$}
2014-01-29 16:50 . 2014-02-04 06:38    --------    d-----w-    c:\users\Jake\AppData\Roaming\imlgs
2014-01-29 16:50 . 2014-01-29 16:50    --------    d-----w-    c:\users\Jake\AppData\Roaming\Default Folder
2014-01-23 15:23 . 2013-11-18 16:42    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D569EFE-C5B9-4533-8B8F-1804782C1C90}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 21:23 . 2012-05-30 21:13    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-04 21:23 . 2011-06-17 22:21    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-19 07:33 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-18 08:53 . 2013-12-18 08:53    126976    ----a-w-    c:\windows\lcmmfu.cpl
2013-12-18 08:53 . 2013-12-18 08:53    48640    ----a-w-    c:\windows\mmfs.dll
2013-12-18 08:53 . 2013-12-18 08:53    2560    ----a-w-    c:\windows\Runservice.exe
2013-11-18 16:42 . 2013-12-07 00:25    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-11-18 07:39 . 2013-11-17 19:07    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-06 1168896]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-11 1823656]
"Default Key"="c:\users\Jake\AppData\Roaming\Default Folder\Default File.exe" [2014-01-29 227840]
"dll.exe"="c:\users\Jake\AppData\Roaming\drive\l.exe" [2014-02-03 227840]
"Photobooth"="c:\program files (x86)\Java\jre7\bin\javaw.exe" [2013-10-08 175016]
"sys"="c:\program files (x86)\Java\jre7\bin\javaw.exe" [2013-10-08 175016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2013-01-08 577536]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinPhLdrNT;WinPhLdrNT;c:\users\Jake\AppData\Local\Temp\PhLdrX64.SYS;c:\users\Jake\AppData\Local\Temp\PhLdrX64.SYS [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 21:23]
.
2014-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001Core.job
- c:\users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 18:50]
.
2014-02-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001UA.job
- c:\users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 18:50]
.
2014-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001Core.job
- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-21 04:24]
.
2014-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001UA.job
- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-21 04:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="TEL WIRELESS TRAY" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_046&u=USERGUID&q=
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Installer - c:\users\Jake\Documents\DCSCMIN\VBjCoy9T9DCQ\IMDCSC.exe
Wow6432Node-HKCU-Run-Tumblr - c:\users\Jake\Documents\DCSCMIN\pgLoRuTR2Ldn\pgLoRuTR2Ldn\Tumblr.exe
Toolbar-Locked - (no file)
HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
HKLM-Run-FreeFallProtection - .EXE
HKLM-Run-BTMTrayAgent - TEL\BLUETOOTH\BTMSHELL.DLL
HKLM-Run-IntelTBRunOnce - CE.VBS
HKLM-Run-AdobeAAMUpdater-1.0 - FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_•\00\00•\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~•\00\00•\00\00\00\00•\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3044559861-1808346076-959153479-1001\Software\SecuROM\License information*]
"datasecu"=hex:3c,fe,a9,e8,8e,d1,c4,8f,9c,f6,7d,3c,e0,72,06,44,19,09,90,12,53,
   4a,b4,0b,6a,b4,b7,ba,26,0e,70,2d,8e,14,d5,67,d2,b4,5e,07,98,d8,07,0b,67,2a,\
"rkeysecu"=hex:91,ea,56,57,75,e9,91,40,2c,b0,bd,7b,7e,f2,90,77
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
"1"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,d6,9f,52,ce,23,dc,1a,
   c2
"2"=hex:d1,c8,c3,5e,08,10,b9,8f,1e,fd,a6,7c,f5,6d,b0,f3,a6,71,8f,f8,ab,bd,bd,
   76,64,10,04,f0,92,77,f9,20
"3"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,ac,98,11,9b,be,95,83,
   07,ae,ba,7e,d8,e6,d6,56,50,c4,dc,bb,7b,18,78,a4,de,04,5c,25,4e,9f,d7,39,6d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\2521E23D9705C32A954F45A433F44485]
"1"=hex:80,21,ee,d1,6b,60,09,6f,31,1b,72,02,c7,0b,8d,e6,e5,46,5d,94,9f,cd,3e,
   e8,0a,36,20,48,8d,2e,0e,e4
"2"=hex:14,ce,87,8d,79,74,ee,b2
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
   1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
   51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
   d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2a,60,98,b5,a5,7c,38,
   74,0a,ce,60,fe,98,18,4b,86,3f,94,63,69,37,ea,9f,29,73,30,52,47,99,d4,75,69,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\494E767AFB4074AF4A5D990DF2AB3ED7]
"1"=hex:02,8a,9c,68,66,89,a0,f8,9b,48,ff,78,d6,45,59,c3,ad,13,b2,b6,1d,0f,3c,
   c2
"2"=hex:14,ce,87,8d,79,74,ee,b2
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
   1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
   51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
   d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
"8"=hex:80,d6,dd,b5,55,94,c7,4d,82,0c,f9,f0,b6,da,fb,e0
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-05  12:53:34
ComboFix-quarantined-files.txt  2014-02-05 17:53
.
Pre-Run: 300,750,262,272 bytes free
Post-Run: 314,441,306,112 bytes free
.
- - End Of File - - FE14C53B9DB36A34DFCEC297C19394FE
 



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 10 February 2014 - 04:01 AM

Sorry for the delay.


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#5 Woodchuckeroo

Woodchuckeroo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 10 February 2014 - 11:50 AM

No worries.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03
Ran by Jake (administrator) on JAKE-PC on 10-02-2014 11:47:52
Running from C:\Users\Jake\Downloads\Music
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Windows\runservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
(Google Inc.) C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IgfxTray] - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM\...\Run: [HotKeysCmds] - DOWS\SYSTEM32\HKCMD.EXE
HKLM\...\Run: [FreeFallProtection] - .EXE
HKLM\...\Run: [BTMTrayAgent] - TEL\BLUETOOTH\BTMSHELL.DLL",TRAYAPP
HKLM\...\Run: [IntelWireless] - TEL WIRELESS TRAY
HKLM\...\Run: [IntelTBRunOnce] - CE.VBS"
HKLM\...\Run: [AdobeAAMUpdater-1.0] -  FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE"
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2013-01-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [Spotify Web Helper] - C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-06] (Spotify Ltd)
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [Default Key] - C:\Users\Jake\AppData\Roaming\Default Folder\Default File.exe [227840 2014-01-29] ()
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [dll.exe] - C:\Users\Jake\AppData\Roaming\drive\l.exe [227840 2014-02-02] ()
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [sys] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jake\AppData\Roaming\sys.jar"
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [Photobooth] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jake\AppData\Roaming\Photobooth.jar"
Startup: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {49246F66-A8A0-4680-B963-5590D2A377A8} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {71576546-354D-41c9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/nirvana/controls/pcmatic.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default
FF user.js: detected! => C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\user.js
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_046&u=USERGUID&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jake\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jake\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jake\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: ActiveGS - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\activegs@freetoolsassociation.com [2013-12-02]
FF Extension: Flash Video Downloader - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\artur.dubovoy@gmail.com [2014-01-29]
FF Extension: pearltrees - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\collector@broceliand.fr [2013-04-16]
FF Extension: EPUBReader - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-02]
FF Extension: WOT - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Reddit Enhancement Suite - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-04-30]
FF Extension: XKit - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\xkit@studioxenix.com.xpi [2013-08-17]
FF Extension: Stylish - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-09-17]
FF Extension: Adblock Plus - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-14]
FF Extension: Greasemonkey - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Jake\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jake\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Jake\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Google Update) - C:\Users\Jake\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (ttTools Loader) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\acbcngngbldcpfemhpibfjlmmlgohlmo [2012-07-24]
CHR Extension: (WOT) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2011-08-11]
CHR Extension: (YouTube) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Turntable Plus) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgjnmfceciegoonlpegpcaaeggghemc [2012-08-19]
CHR Extension: (Skype Click to Call) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-04]
CHR Extension: (Google Wallet) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-09-21]

==================== Services (Whitelisted) =================

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [397704 2012-07-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385416 2012-07-10] (BlueStack Systems, Inc.)
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2013-12-18] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-12-17] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [75144 2012-07-10] (BlueStack Systems)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-09-12] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 WinPhLdrNT; \??\C:\Users\Jake\AppData\Local\Temp\PhLdrX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 11:47 - 2014-02-10 11:47 - 00000000 ____D () C:\FRST
2014-02-07 20:52 - 2014-02-07 20:52 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-07 20:51 - 2014-02-07 20:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 20:51 - 2014-02-07 20:52 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 20:51 - 2014-02-07 20:51 - 00000000 ____D () C:\Program Files\iPod
2014-02-07 20:03 - 2014-02-07 20:03 - 00000049 _____ () C:\Users\Jake\AppData\Roaming\raio93.tmp
2014-02-05 12:53 - 2014-02-05 12:53 - 00026481 _____ () C:\ComboFix.txt
2014-02-05 12:40 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-05 12:40 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-05 12:40 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-05 12:40 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-05 12:40 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-05 12:40 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-05 12:40 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-05 12:40 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-05 12:39 - 2014-02-05 12:53 - 00000000 ____D () C:\Qoobox
2014-02-05 12:39 - 2014-02-05 12:52 - 00000000 ____D () C:\Windows\erdnt
2014-02-04 11:36 - 2014-02-04 11:36 - 00011469 _____ () C:\Users\Jake\Desktop\attach.txt
2014-02-04 11:36 - 2014-02-04 11:35 - 00024664 _____ () C:\Users\Jake\Desktop\dds.txt
2014-02-03 20:43 - 2012-10-24 13:39 - 00082872 _____ (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2014-02-03 20:42 - 2014-02-04 11:23 - 00000000 ____D () C:\Program Files (x86)\PCPitstop
2014-02-03 20:42 - 2014-02-04 11:18 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-02-02 19:49 - 2014-02-02 23:44 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\drive
2014-01-31 16:33 - 2014-02-04 17:42 - 00000000 ___HD () C:\ProgramData\{$1284-9213-2940-1289$}
2014-01-29 17:14 - 2014-01-29 17:14 - 00189919 _____ () C:\Users\Jake\AppData\Roaming\Valid.jar
2014-01-29 11:50 - 2014-02-07 21:59 - 00000041 _____ () C:\Users\Jake\AppData\Roaming\install.imp
2014-01-29 11:50 - 2014-02-07 03:27 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\imlgs
2014-01-29 11:50 - 2014-01-29 11:50 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Default Folder

==================== One Month Modified Files and Folders =======

2014-02-10 11:47 - 2014-02-10 11:47 - 00000000 ____D () C:\FRST
2014-02-10 11:47 - 2011-06-14 00:31 - 01915812 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 11:46 - 2011-07-20 23:24 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001UA.job
2014-02-10 11:45 - 2012-07-30 18:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 11:45 - 2012-07-12 13:51 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001UA.job
2014-02-10 11:45 - 2011-07-20 23:24 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001Core.job
2014-02-09 22:53 - 2011-06-18 11:09 - 00000000 ____D () C:\Users\Jake\AppData\Local\Last.fm
2014-02-09 22:33 - 2011-06-18 01:50 - 00086016 _____ () C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 19:00 - 2012-07-12 13:51 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001Core.job
2014-02-09 02:00 - 2011-06-27 16:30 - 00000000 ____D () C:\Users\Jake\AppData\Local\Adobe
2014-02-09 01:09 - 2012-07-30 18:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-09 01:09 - 2012-05-30 16:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-09 01:09 - 2011-06-17 17:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-09 00:57 - 2013-05-07 15:31 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\BitTorrent
2014-02-08 16:15 - 2009-07-13 23:51 - 00213772 _____ () C:\Windows\setupact.log
2014-02-07 22:03 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-07 22:03 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-07 21:59 - 2014-01-29 11:50 - 00000041 _____ () C:\Users\Jake\AppData\Roaming\install.imp
2014-02-07 21:57 - 2011-06-17 16:55 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-02-07 21:57 - 2011-06-17 16:55 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-02-07 21:56 - 2013-12-18 03:53 - 00001529 ___SH () C:\Windows\SysWOW64\mmf.sys
2014-02-07 21:56 - 2011-08-26 00:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-07 21:56 - 2011-06-14 00:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-07 21:56 - 2011-06-13 22:52 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-02-07 21:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 20:52 - 2014-02-07 20:52 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-07 20:52 - 2014-02-07 20:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 20:52 - 2014-02-07 20:51 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 20:51 - 2014-02-07 20:51 - 00000000 ____D () C:\Program Files\iPod
2014-02-07 20:51 - 2011-06-17 23:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-07 20:28 - 2011-06-17 23:28 - 00000000 ____D () C:\ProgramData\Apple
2014-02-07 20:03 - 2014-02-07 20:03 - 00000049 _____ () C:\Users\Jake\AppData\Roaming\raio93.tmp
2014-02-07 03:27 - 2014-01-29 11:50 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\imlgs
2014-02-07 03:26 - 2010-11-20 22:47 - 00099886 _____ () C:\Windows\PFRO.log
2014-02-05 12:53 - 2014-02-05 12:53 - 00026481 _____ () C:\ComboFix.txt
2014-02-05 12:53 - 2014-02-05 12:39 - 00000000 ____D () C:\Qoobox
2014-02-05 12:53 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-02-05 12:52 - 2014-02-05 12:39 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 12:51 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-05 12:49 - 2011-06-17 16:55 - 00000000 ___RD () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-05 12:49 - 2011-06-17 16:51 - 00000000 ____D () C:\Users\Jake
2014-02-04 17:42 - 2014-01-31 16:33 - 00000000 ___HD () C:\ProgramData\{$1284-9213-2940-1289$}
2014-02-04 11:36 - 2014-02-04 11:36 - 00011469 _____ () C:\Users\Jake\Desktop\attach.txt
2014-02-04 11:35 - 2014-02-04 11:36 - 00024664 _____ () C:\Users\Jake\Desktop\dds.txt
2014-02-04 11:23 - 2014-02-03 20:42 - 00000000 ____D () C:\Program Files (x86)\PCPitstop
2014-02-04 11:18 - 2014-02-03 20:42 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-02-04 11:17 - 2013-04-04 16:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-04 11:17 - 2013-04-04 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-03 20:42 - 2011-06-17 16:55 - 00000000 ____D () C:\Users\Jake\AppData\Local\VirtualStore
2014-02-03 20:36 - 2011-06-13 23:08 - 00000000 ____D () C:\ProgramData\Sonic
2014-02-02 23:59 - 2011-06-19 10:13 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Audacity
2014-02-02 23:44 - 2014-02-02 19:49 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\drive
2014-01-29 17:14 - 2014-01-29 17:14 - 00189919 _____ () C:\Users\Jake\AppData\Roaming\Valid.jar
2014-01-29 11:50 - 2014-01-29 11:50 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Default Folder
2014-01-19 02:33 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 11:27 - 2012-04-25 09:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-15 11:27 - 2009-07-13 23:45 - 05118096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-13 21:20 - 2012-07-10 19:25 - 00000132 _____ () C:\Users\Jake\AppData\Roaming\Adobe PNG Format CS6 Prefs

ZeroAccess:
C:\Users\Jake\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}

Some content of TEMP:
====================
C:\Users\Jake\AppData\Local\Temp\JNativeHook_26945683535734965.dll
C:\Users\Jake\AppData\Local\Temp\JNativeHook_6332088572861680771.dll
C:\Users\Jake\AppData\Local\Temp\JNativeHook_658121058620036933.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 17:19

==================== End Of Log ============================

 

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2014 03
Ran by Jake at 2014-02-10 11:48:48
Running from C:\Users\Jake\Downloads\Music
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.3.0.29625 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (x32 Version: 2.00.11.22 - STMicroelectronics)
Accidental Damage Services Agreement (x32 Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112 - Adobe Systems, Inc.)
Advanced Audio FX Engine (x32 Version: 1.12.05 - Creative Technology Ltd)
Age of Mythology - The Titans Expansion (x32 Version:  - )
Age of Mythology (x32 Version:  - )
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (x32 Version: 2.10 - Michael Tippach)
Audacity 1.3.13 (Unicode) (x32 Version:  - Audacity Team)
BitTorrent (x32 Version: 7.8.0.29626 - BitTorrent Inc.)
BlueStacks (x32 Version: 0.7.0.725 - BlueStack Systems, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CDisplayEx 1.8 (x32 Version:  - Henri Gourvest.)
Consumer In-Home Service Agreement (x32 Version: 2.0.0 - Dell Inc.)
Convert Audio Free FLAC to MP3 version 1.0 (x32 Version: 1.0 - )
Coupon Printer for Windows (x32 Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
Cozi (x32 Version: 1.0.4323.24051 - Cozi Group, Inc.)
CyberLink PowerDirector (Version: 9.0.0.2330 - CyberLink Corp.) Hidden
CyberLink PowerDirector (x32 Version: 9.0.0.2330 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (x32 Version: 9.4.60 - Dell)
Dell DataSafe Online (x32 Version: 2.1.19634 - Dell)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (x32 Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (x32 Version: 1.5.0.30 - ArcSoft)
Dell Stage (x32 Version: 1.4.173.0 - Fingertapps)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Dell Webcam Central (x32 Version: 2.01.18 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Eusing Free Registry Cleaner (x32 Version:  - )
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
Fallout 3 (Version: 1.00.0000 - Bethesda Softworks)
Fallout 3 (x32 Version: 1.00.0000 - Bethesda Softworks)
Fast Break Pro Basketball 3 (x32 Version:  - )
FL Studio 10 (x32 Version:  - Image-Line)
Fraps (remove only) (x32 Version:  - )
Game Dev Tycoon (x32 Version:  - Greenheart Games)
Game Dev Tycoon version 1.3.2 (x32 Version: 1.3.2 - Greenheart Games Pty. Ltd.)
GIMP 2.6.11 (x32 Version: 2.6.11 - The GIMP Team)
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (x32 Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (x32 Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (x32 Version: 5.002.006.003 - Hewlett-Packard)
IL Download Manager (x32 Version:  - Image-Line)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 8.15.10.2291 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.0.2.0511 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 14.00.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0 - Intel)
Intel® Wireless Display (Version:  - )
Intel® Wireless Display (x32 Version: 2.0.27.0 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (x32 Version: 6.0.220 - Oracle)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240 - Oracle)
Java™ 6 Update 35 (x32 Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.36 (x32 Version:  - Last.fm)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Minecraft Editor 64 bits (Version: 1.5.2 - Axialmedia)
Morrowind (x32 Version:  - )
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nexon Game Manager (x32 Version:  - )
NVIDIA 3D Vision Driver 327.23 (Version: 327.23 - NVIDIA Corporation)
NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.23 (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenAL (x32 Version:  - )
OpenOffice.org 3.3 (x32 Version: 3.3.9567 - OpenOffice.org)
Papers, Please (x32 Version: 2.0.0.4 - GOG.com)
Path of Exile (x32 Version: 0.11.2.26318 - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (x32 Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PowerISO (x32 Version: 4.8 - PowerISO Computing, Inc.)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
Quickset64 (Version: 11.0.10 - Dell Inc.)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Recettear: An Item Shop's Tale (x32 Version:  - EasyGameStation)
Reus (x32 Version: 2.0.0.10 - GOG.com)
Risk - 2012 (x32 Version: 1.0 - Foxy Games)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sid Meier's Civilization V (x32 Version:  - 2K Games, Inc.)
Skype Click to Call (x32 Version: 5.6.8312 - Skype Technologies S.A.)
Skype™ 6.3 (x32 Version: 6.3.107 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.2.6.0 - Synaptics Incorporated)
System Requirements Lab CYRI (x32 Version: 4.5.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU Version: 3.0.6 - TeamSpeak Systems GmbH)
The Walking Dead (x32 Version:  - )
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version:  - Microsoft)
VirtualCloneDrive (x32 Version:  - Elaborate Bytes)
VLC media player 1.1.10 (x32 Version: 1.1.10 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.11 (64-bit) (Version: 4.11.0 - win.rar GmbH)
WOT for Internet Explorer (x32 Version: 10.12.20.0 - WOT Services Oy)

==================== Restore Points  =========================

09-02-2014 05:00:00 Scheduled Checkpoint
09-02-2014 08:04:10 Windows Update
10-02-2014 16:47:44 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-02-05 12:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1F66D7C2-9B5F-4BAF-905D-5031AE8E3373} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-09] (Adobe Systems Incorporated)
Task: {61853821-B457-4350-823E-DBA40AE4EA64} - System32\Tasks\{0D092AEB-6F84-4425-8712-79B3E982A6C2} => C:\Users\Jake\Downloads\Road Rash\Roadrash.EXE
Task: {69C43389-CA06-43E2-AAB5-937CAEC6629F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001UA => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {6CB0705E-436B-4F44-B12A-E9C1038265E9} - System32\Tasks\{194B4E87-572E-4A49-83A1-5EA72AD61558} => Firefox.exe http://ui.skype.com/ui/0/5.8.0.158.320/en/abandoninstall?page=tsMain
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {AE390DE9-7F95-40BF-A18B-E507CDA43DDF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001UA => C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-20] (Google Inc.)
Task: {C7FFAAE6-C203-46A4-917C-397C04092476} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {CA4968D8-9EEC-47C0-8606-3C50FD3E473D} - System32\Tasks\AdobeAAMUpdater-1.0-Jake-PC-Jake => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {D649AA25-5315-4B52-9ED7-26099A22F9B2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBC80379-ECE2-483E-A52E-947CD45547C2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001Core => C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-20] (Google Inc.)
Task: {FFA91946-05A4-4847-8C59-1473E59E2043} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001Core => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001Core.job => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001UA.job => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001Core.job => C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001UA.job => C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-03-31 17:48 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-06-13 22:52 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-18 03:53 - 2013-12-18 03:53 - 00002560 _____ () C:\Windows\runservice.exe
2013-12-18 03:53 - 2013-12-18 03:53 - 00048640 _____ () C:\Windows\mmfs.dll
2012-03-17 21:28 - 2012-12-17 21:07 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-07-22 02:02 - 2010-07-22 02:02 - 00219632 _____ () C:\Program Files (x86)\Roxio\OEM\Common\SonicHDDemuxer.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-01-28 22:57 - 2013-09-03 13:01 - 00736768 _____ () C:\Program Files (x86)\Last.fm\unicorn.dll
2013-01-28 22:57 - 2013-09-03 13:01 - 00032768 _____ () C:\Program Files (x86)\Last.fm\logger.dll
2013-01-28 22:57 - 2013-09-03 09:54 - 00351232 _____ () C:\Program Files (x86)\Last.fm\lastfm.dll
2013-01-28 22:57 - 2013-09-03 13:01 - 00126976 _____ () C:\Program Files (x86)\Last.fm\listener.dll
2013-01-28 22:57 - 2013-01-18 11:39 - 00302592 _____ () C:\Program Files (x86)\Last.fm\phonon.dll
2013-03-13 12:56 - 2013-01-18 11:49 - 00182784 _____ () C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2013-01-28 22:57 - 2012-12-13 00:12 - 00111104 _____ () C:\Program Files (x86)\Last.fm\libvlc.dll
2013-01-28 22:57 - 2012-12-13 00:13 - 02286592 _____ () C:\Program Files (x86)\Last.fm\libvlccore.dll
2013-03-13 12:56 - 2012-12-13 00:13 - 00049664 _____ () C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2013-12-20 04:02 - 2013-12-20 04:03 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-04 16:23 - 2014-02-09 01:09 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0664ADFC

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2014 03:02:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (02/10/2014 03:02:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (02/10/2014 03:02:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2014 03:02:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (02/10/2014 03:02:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (02/10/2014 03:02:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2014 03:00:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7596468

Error: (02/10/2014 03:00:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7596468

Error: (02/10/2014 03:00:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2014 00:53:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014


System errors:
=============
Error: (02/10/2014 11:48:50 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (02/10/2014 11:48:20 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (02/10/2014 11:47:50 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (02/10/2014 11:47:14 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (02/10/2014 11:46:44 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (02/10/2014 11:46:14 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (02/10/2014 11:45:45 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (02/10/2014 03:01:47 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (02/10/2014 03:01:17 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (02/10/2014 03:00:47 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (02/10/2014 03:02:09 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (02/10/2014 03:02:09 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (02/10/2014 03:02:09 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2014 03:02:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (02/10/2014 03:02:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (02/10/2014 03:02:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2014 03:00:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7596468

Error: (02/10/2014 03:00:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7596468

Error: (02/10/2014 03:00:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2014 00:53:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014


CodeIntegrity Errors:
===================================
  Date: 2014-02-05 12:49:54.789
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-05 12:49:54.776
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 8086.17 MB
Available physical RAM: 4422.79 MB
Total Pagefile: 16170.53 MB
Available Pagefile: 11514.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:287.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 25 February 2014 - 06:02 AM

Step 1

Please download this attached Attached File  fixlist.txt   1.33KB   2 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to same location the tool was run from.
    Please copy and paste its contents in your next reply.
Reboot your computer.



Step 2

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 Woodchuckeroo

Woodchuckeroo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 27 February 2014 - 01:41 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-02-2014 02
Ran by Jake at 2014-02-27 13:34:46 Run:1
Running from C:\Users\Jake\Downloads\Music\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [Default Key] - C:\Users\Jake\AppData\Roaming\Default Folder\Default File.exe [227840 2014-01-29] ()
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [dll.exe] - C:\Users\Jake\AppData\Roaming\drive\l.exe [227840 2014-02-02] ()
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [sys] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jake\AppData\Roaming\sys.jar"
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [Photobooth] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jake\AppData\Roaming\Photobooth.jar"
C:\Users\Jake\AppData\Roaming\sys.jar
C:\Users\Jake\AppData\Roaming\Photobooth.jar
2014-02-02 19:49 - 2014-02-02 23:44 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\drive
2014-01-31 16:33 - 2014-02-04 17:42 - 00000000 ___HD () C:\ProgramData\{$1284-9213-2940-1289$}
2014-01-29 17:14 - 2014-01-29 17:14 - 00189919 _____ () C:\Users\Jake\AppData\Roaming\Valid.jar
2014-01-29 11:50 - 2014-02-07 21:59 - 00000041 _____ () C:\Users\Jake\AppData\Roaming\install.imp
2014-01-29 11:50 - 2014-02-07 03:27 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\imlgs
2014-01-29 11:50 - 2014-01-29 11:50 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Default Folder
C:\Users\Jake\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}
*****************

HKU\S-1-5-21-3044559861-1808346076-959153479-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Default Key => Value deleted successfully.
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\Software\Microsoft\Windows\CurrentVersion\Run\\dll.exe => Value deleted successfully.
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\Software\Microsoft\Windows\CurrentVersion\Run\\sys => Value deleted successfully.
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Photobooth => Value deleted successfully.
Could not move "C:\Users\Jake\AppData\Roaming\sys.jar" => Scheduled to move on reboot.
Could not move "C:\Users\Jake\AppData\Roaming\Photobooth.jar" => Scheduled to move on reboot.
C:\Users\Jake\AppData\Roaming\drive => Moved successfully.
C:\ProgramData\{$1284-9213-2940-1289$} => Moved successfully.
C:\Users\Jake\AppData\Roaming\Valid.jar => Moved successfully.
C:\Users\Jake\AppData\Roaming\install.imp => Moved successfully.
C:\Users\Jake\AppData\Roaming\imlgs => Moved successfully.
C:\Users\Jake\AppData\Roaming\Default Folder => Moved successfully.
C:\Users\Jake\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8} => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-27 13:36:35)<=

C:\Users\Jake\AppData\Roaming\sys.jar => Is moved successfully.
C:\Users\Jake\AppData\Roaming\Photobooth.jar => Is moved successfully.

==== End of Fixlog ====

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Jake (administrator) on JAKE-PC on 27-02-2014 13:39:45
Running from C:\Users\Jake\Downloads\Music\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Windows\runservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IgfxTray] - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM\...\Run: [HotKeysCmds] - DOWS\SYSTEM32\HKCMD.EXE
HKLM\...\Run: [FreeFallProtection] - .EXE
HKLM\...\Run: [BTMTrayAgent] - TEL\BLUETOOTH\BTMSHELL.DLL",TRAYAPP
HKLM\...\Run: [IntelWireless] - TEL WIRELESS TRAY
HKLM\...\Run: [IntelTBRunOnce] - CE.VBS"
HKLM\...\Run: [AdobeAAMUpdater-1.0] -  FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE"
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2013-01-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [Spotify Web Helper] - C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-20] (Spotify Ltd)
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-3044559861-1808346076-959153479-1001\...\Run: [Google Update] - C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-20] (Google Inc.)
Startup: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {49246F66-A8A0-4680-B963-5590D2A377A8} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {71576546-354D-41c9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/nirvana/controls/pcmatic.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default
FF user.js: detected! => C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\user.js
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_046&u=USERGUID&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jake\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jake\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jake\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: ActiveGS - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\activegs@freetoolsassociation.com [2013-12-02]
FF Extension: Flash Video Downloader - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\artur.dubovoy@gmail.com [2014-01-29]
FF Extension: pearltrees - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\collector@broceliand.fr [2013-04-16]
FF Extension: EPUBReader - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-02]
FF Extension: WOT - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Reddit Enhancement Suite - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-04-30]
FF Extension: Stylish - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-09-17]
FF Extension: Adblock Plus - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\zvllrsdk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-15]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Jake\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jake\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Jake\AppData\Local\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Google Update) - C:\Users\Jake\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (ttTools Loader) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\acbcngngbldcpfemhpibfjlmmlgohlmo [2012-07-24]
CHR Extension: (WOT) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2011-08-11]
CHR Extension: (YouTube) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Turntable Plus) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgjnmfceciegoonlpegpcaaeggghemc [2012-08-19]
CHR Extension: (Skype Click to Call) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-04]
CHR Extension: (Google Wallet) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-09-21]

==================== Services (Whitelisted) =================

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [397704 2012-07-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385416 2012-07-10] (BlueStack Systems, Inc.)
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2013-12-18] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-12-17] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [75144 2012-07-10] (BlueStack Systems)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-09-12] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 WinPhLdrNT; \??\C:\Users\Jake\AppData\Local\Temp\PhLdrX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-15 12:47 - 2014-02-15 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-10 17:46 - 2014-02-10 17:46 - 00000000 ____D () C:\Users\Jake\AppData\Local\EdgeOfReality
2014-02-10 17:11 - 2014-02-10 17:11 - 00000222 _____ () C:\Users\Jake\Desktop\Loadout.url
2014-02-10 11:47 - 2014-02-27 13:39 - 00000000 ____D () C:\FRST
2014-02-07 20:52 - 2014-02-07 20:52 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-07 20:51 - 2014-02-07 20:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 20:51 - 2014-02-07 20:52 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 20:51 - 2014-02-07 20:51 - 00000000 ____D () C:\Program Files\iPod
2014-02-07 20:03 - 2014-02-07 20:03 - 00000049 _____ () C:\Users\Jake\AppData\Roaming\raio93.tmp
2014-02-05 12:53 - 2014-02-05 12:53 - 00026481 _____ () C:\ComboFix.txt
2014-02-05 12:40 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-05 12:40 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-05 12:40 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-05 12:40 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-05 12:40 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-05 12:40 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-05 12:40 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-05 12:40 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-05 12:39 - 2014-02-05 12:53 - 00000000 ____D () C:\Qoobox
2014-02-05 12:39 - 2014-02-05 12:52 - 00000000 ____D () C:\Windows\erdnt
2014-02-04 11:36 - 2014-02-04 11:36 - 00011469 _____ () C:\Users\Jake\Desktop\attach.txt
2014-02-04 11:36 - 2014-02-04 11:35 - 00024664 _____ () C:\Users\Jake\Desktop\dds.txt
2014-02-03 20:43 - 2012-10-24 13:39 - 00082872 _____ (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2014-02-03 20:42 - 2014-02-04 11:23 - 00000000 ____D () C:\Program Files (x86)\PCPitstop
2014-02-03 20:42 - 2014-02-04 11:18 - 00000000 ____D () C:\ProgramData\PCPitstop

==================== One Month Modified Files and Folders =======

2014-02-27 13:39 - 2014-02-10 11:47 - 00000000 ____D () C:\FRST
2014-02-27 13:37 - 2011-08-26 00:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-27 13:36 - 2013-12-18 03:53 - 00001529 ___SH () C:\Windows\SysWOW64\mmf.sys
2014-02-27 13:36 - 2011-06-17 16:55 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-02-27 13:36 - 2011-06-17 16:55 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-02-27 13:36 - 2011-06-13 23:08 - 00000000 ____D () C:\ProgramData\Sonic
2014-02-27 13:36 - 2011-06-13 22:52 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-02-27 13:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 13:35 - 2011-06-14 00:31 - 01982891 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 13:35 - 2011-06-14 00:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-27 13:35 - 2009-07-13 23:51 - 00215508 _____ () C:\Windows\setupact.log
2014-02-27 13:28 - 2013-05-07 15:31 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\BitTorrent
2014-02-27 13:23 - 2012-07-30 18:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 13:23 - 2011-07-20 23:24 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001UA.job
2014-02-27 12:43 - 2012-07-12 13:51 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001UA.job
2014-02-27 02:00 - 2011-06-27 16:30 - 00000000 ____D () C:\Users\Jake\AppData\Local\Adobe
2014-02-27 01:44 - 2012-07-10 19:25 - 00000132 _____ () C:\Users\Jake\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-27 00:16 - 2011-06-18 11:09 - 00000000 ____D () C:\Users\Jake\AppData\Local\Last.fm
2014-02-26 17:23 - 2011-07-20 23:24 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001Core.job
2014-02-26 14:56 - 2012-07-12 13:51 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001Core.job
2014-02-25 10:57 - 2013-09-09 20:28 - 00000000 ____D () C:\Users\Jake\Documents\Technology and Culture (LB 332)
2014-02-24 23:15 - 2011-08-25 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-21 20:04 - 2012-01-28 22:59 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Spotify
2014-02-20 23:23 - 2012-07-30 18:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 23:23 - 2012-05-30 16:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 23:23 - 2011-06-17 17:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 01:35 - 2011-06-18 01:50 - 00087552 _____ () C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-19 23:10 - 2012-01-28 23:00 - 00000000 ____D () C:\Users\Jake\AppData\Local\Spotify
2014-02-19 20:53 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 20:53 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 13:41 - 2012-04-25 09:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 04:35 - 2011-08-22 19:40 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\.minecraft
2014-02-15 12:48 - 2014-02-15 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-10 17:46 - 2014-02-10 17:46 - 00000000 ____D () C:\Users\Jake\AppData\Local\EdgeOfReality
2014-02-10 17:18 - 2011-07-20 23:24 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001UA
2014-02-10 17:18 - 2011-07-20 23:24 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3044559861-1808346076-959153479-1001Core
2014-02-10 17:11 - 2014-02-10 17:11 - 00000222 _____ () C:\Users\Jake\Desktop\Loadout.url
2014-02-07 20:52 - 2014-02-07 20:52 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-07 20:52 - 2014-02-07 20:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 20:52 - 2014-02-07 20:51 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 20:51 - 2014-02-07 20:51 - 00000000 ____D () C:\Program Files\iPod
2014-02-07 20:51 - 2011-06-17 23:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-07 20:28 - 2011-06-17 23:28 - 00000000 ____D () C:\ProgramData\Apple
2014-02-07 20:03 - 2014-02-07 20:03 - 00000049 _____ () C:\Users\Jake\AppData\Roaming\raio93.tmp
2014-02-07 03:26 - 2010-11-20 22:47 - 00099886 _____ () C:\Windows\PFRO.log
2014-02-05 12:53 - 2014-02-05 12:53 - 00026481 _____ () C:\ComboFix.txt
2014-02-05 12:53 - 2014-02-05 12:39 - 00000000 ____D () C:\Qoobox
2014-02-05 12:53 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-02-05 12:52 - 2014-02-05 12:39 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 12:51 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-05 12:49 - 2011-06-17 16:55 - 00000000 ___RD () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-05 12:49 - 2011-06-17 16:51 - 00000000 ____D () C:\Users\Jake
2014-02-04 11:36 - 2014-02-04 11:36 - 00011469 _____ () C:\Users\Jake\Desktop\attach.txt
2014-02-04 11:35 - 2014-02-04 11:36 - 00024664 _____ () C:\Users\Jake\Desktop\dds.txt
2014-02-04 11:23 - 2014-02-03 20:42 - 00000000 ____D () C:\Program Files (x86)\PCPitstop
2014-02-04 11:18 - 2014-02-03 20:42 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-02-04 11:17 - 2013-04-04 16:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-04 11:17 - 2013-04-04 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-03 20:42 - 2011-06-17 16:55 - 00000000 ____D () C:\Users\Jake\AppData\Local\VirtualStore
2014-02-02 23:59 - 2011-06-19 10:13 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Audacity

Some content of TEMP:
====================
C:\Users\Jake\AppData\Local\Temp\JNativeHook_26945683535734965.dll
C:\Users\Jake\AppData\Local\Temp\JNativeHook_2974256018750688372.dll
C:\Users\Jake\AppData\Local\Temp\JNativeHook_6332088572861680771.dll
C:\Users\Jake\AppData\Local\Temp\JNativeHook_658121058620036933.dll
C:\Users\Jake\AppData\Local\Temp\JNativeHook_7574667183064313435.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 23:51

==================== End Of Log ============================



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 27 February 2014 - 04:35 PM

Looking better.
How is your computer running now? What problems and symptoms do you experience now?


Step 1

  • Start Malwarebytes Anti-Malware with administator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.

 

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 12 March 2014 - 12:07 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users