AVG Scan, IPR Rootkits and a hidden application


This topic is locked
20 replies to this topic

#1 Shade the Wolf

Posted 13 February 2014 - 07:40 PM

Okay, so after clicking around to try to download a flash animation, I accidentally install some spyware stuff (Blame FileTube). I use the PC Decrapifier to remove it, and decide to run an AVG scan just to be safe. Rootkits come back infected. "Okay", I thought, and I clicked "remove all". Aaaaand it comes back with "Cannot remove. Data is invalid". I run another scan, rootkits come back infected, I try to remove, same error on all of them.

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Shade the Wolf at 18:32:57 on 2014-02-13
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.4094.1356 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\Windows\system32\taskeng.exe
C:\Users\Shade the Wolf\Documents\PCMeter\PCMeterV0.3.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=6d0b7e39-8617-4e60-9d54-70612262ec27&searchtype=ds&q={searchTerms}&installDate=13/07/2013
uSearch Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=6d0b7e39-8617-4e60-9d54-70612262ec27&searchtype=ds&q={searchTerms}&installDate=13/07/2013
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=6d0b7e39-8617-4e60-9d54-70612262ec27&searchtype=ds&q={searchTerms}&installDate=13/07/2013
uURLSearchHooks: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: FTdownloader V9.0: {11111111-1111-1111-1111-110511151181} - C:\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-bho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe Version Cue CS2] "c:\PROGRA~2\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
dRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
StartupFolder: C:\Users\Shade the Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: Interfaces\{658B1AE7-F7C9-4643-BBEA-77AFC1FBACCC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{658B1AE7-F7C9-4643-BBEA-77AFC1FBACCC}\2375942554837313 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{658B1AE7-F7C9-4643-BBEA-77AFC1FBACCC}\E4544584542575F425C444 : DHCPNameServer = 172.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - <Clsid value has no data>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: FTdownloader V9.0: {11111111-1111-1111-1111-110511151181} - C:\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-bho64.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - <Clsid value has no data>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: CThemeResourceChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://start.iminent.com/?appId=66B10BA9-C650-42C8-AE10-3F15B841043A
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Shade the Wolf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - 481a623e00000000000008863b7a7d7d
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16114
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.315:42:45
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Shade the Wolf\Documents\EEK\Run\a2ddax64.sys [2012-8-11 23208]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-22 46368]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-4 2222416]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-4 377616]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15129376]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-12-9 289496]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-7-31 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-7-31 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-7-31 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-1-28 411936]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-25 5087584]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-9-17 2365792]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-10 1772056]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-10-12 50072]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-17 39200]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2013-12-9 694376]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-8-29 11880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-3-9 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-8 1255736]
.
=============== Created Last 30 ================
.
2014-02-13 21:43:50    --------    d-----w-    C:\Users\Shade the Wolf\.android
2014-02-13 21:43:48    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\cache
2014-02-13 21:43:41    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\Mobogenie
2014-02-13 21:43:25    --------    d-----w-    C:\Program Files (x86)\Mobogenie
2014-02-13 21:42:45    --------    d-----w-    C:\Program Files (x86)\IminentToolbar
2014-02-13 21:41:28    --------    d-----w-    C:\Program Files (x86)\FTdownloader V9.0
2014-02-13 21:40:56    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\Cool_Mirage
2014-02-13 03:42:28    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{CD9B14F0-BA84-4ADB-B067-DBB4AB290179}
2014-02-12 15:48:47    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-12 15:48:47    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-12 15:45:42    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-12 15:45:42    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-02-12 15:45:42    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-12 15:45:42    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-02-12 15:45:13    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 15:45:12    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-02-12 15:45:12    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2014-02-12 15:45:12    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-02-11 01:10:19    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{66A48B90-CAF3-469B-8078-7009DB47DA1F}
2014-02-09 01:32:01    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{BA2C88E0-6E58-44E8-9FE4-EE5FAD9147D6}
2014-02-07 16:55:18    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{0C59C879-F234-4D74-A8D7-5D2C5D71BEF1}
2014-02-06 16:54:00    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{4F33298F-94DC-456D-A6B4-FC1A1A66AFAA}
2014-02-06 03:19:56    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{043E3652-6F9D-440D-A85B-74595037C60D}
2014-02-05 16:01:23    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
2014-02-05 15:19:14    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{6510DD45-B377-4964-BE5A-ADDB9BED009D}
2014-02-05 01:24:10    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{88355871-A4C5-47E4-BA51-2B7F0A2132AA}
2014-02-04 03:12:14    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{2A4D980B-A20F-4BE8-B74F-4EBB054A12DB}
2014-02-01 19:23:54    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Roaming\Ubisoft
2014-02-01 16:42:24    --------    d-----w-    C:\ProgramData\Square Enix
2014-02-01 16:42:21    --------    d-----w-    C:\Program Files (x86)\Square Enix
2014-01-29 06:57:07    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{D400C734-7609-47BE-AEDF-C7174A225682}
2014-01-28 18:58:32    599840    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-01-28 18:37:08    2711656    ----a-w-    C:\Windows\SysWow64\nvapi.dll
2014-01-28 16:30:21    1515296    ----a-w-    C:\Windows\System32\nvdispgenco6433467.dll
2014-01-28 16:30:20    1885472    ----a-w-    C:\Windows\System32\nvdispco6433467.dll
2014-01-27 02:01:54    --------    d-----w-    C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-25 11:53:33    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{FF0869D5-5686-460C-8F30-868950A1CDD7}
2014-01-24 16:04:53    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{4039EA3B-E365-47D9-A422-1C2B556763E9}
2014-01-23 07:26:03    1351392    ----a-w-    C:\Windows\SysWow64\comctl32.ocx
2014-01-20 23:37:40    --------    d-----w-    C:\Windows\Migration
2014-01-20 23:22:39    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-20 23:22:39    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-20 23:22:39    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-20 23:22:39    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-20 23:22:39    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-20 23:22:39    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-20 23:22:39    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-20 23:20:03    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2014-01-20 23:20:03    168960    ----a-w-    C:\Windows\System32\wscript.exe
2014-01-20 23:20:03    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2014-01-20 23:20:03    156160    ----a-w-    C:\Windows\System32\cscript.exe
2014-01-20 23:20:03    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2014-01-20 23:20:03    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2014-01-20 23:20:03    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2014-01-20 23:20:03    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2014-01-20 22:38:59    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-20 22:38:29    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-20 22:10:44    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-20 13:23:57    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{C6ECC4A8-2966-4F22-BE04-9E323F862C94}
2014-01-19 05:58:24    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{F67DDA70-984B-4AEF-906E-96D2E80ACBC7}
2014-01-18 16:26:33    --------    d-----w-    C:\Program Files (x86)\GameSpy Arcade
2014-01-18 16:25:54    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{32A58A5B-CF57-4F02-9261-D22E5D9A20D6}
2014-01-18 16:22:30    --------    d-----w-    C:\Program Files (x86)\Microsoft Games
2014-01-18 03:21:35    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{F83D6F6B-2A0D-4D32-AF85-F5A7C7F4CE6E}
2014-01-17 15:21:04    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{F2173108-5411-4515-83D4-927126AF2512}
2014-01-17 03:19:54    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{CBA1243D-5B24-4CD6-85DC-058A85FC7FBE}
2014-01-16 15:19:29    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{AB3EF834-4DBB-43E4-BCD1-2E9DC4917F47}
2014-01-16 03:18:49    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{B4005924-88E8-47DF-9A1D-46967A252C9F}
2014-01-15 15:18:38    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{07A479F1-3CCC-4171-BB68-5ACC1BBEC529}
2014-01-15 03:18:13    --------    d-----w-    C:\Users\Shade the Wolf\AppData\Local\{43B06523-83CF-4546-A7B0-148EB781A0E2}
.
==================== Find3M  ====================
.
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-05 00:08:11    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 00:08:11    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-15 21:53:13    6712608    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-01-15 21:53:13    3498272    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-01-15 21:53:08    923936    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-01-15 21:53:08    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2014-01-15 21:53:08    386336    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-01-13 22:31:20    3559557    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-12-21 10:56:08    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-21 10:56:07    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-19 20:33:31    1884448    ----a-w-    C:\Windows\System32\nvdispco6433221.dll
2013-12-19 20:33:31    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433221.dll
2013-12-10 02:15:06    982232    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:14:54    1100248    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-12-09 22:15:08    694376    ----a-w-    C:\Windows\System32\drivers\RTL8192su.sys
2013-12-09 22:14:27    657512    ----a-w-    C:\Windows\System32\nvunrm.exe
2013-12-09 22:14:27    657512    ----a-w-    C:\Windows\System32\nvuninst.exe
2013-12-09 22:14:27    349416    ----a-w-    C:\Windows\System32\drivers\nvmf6264.sys
2013-12-09 22:14:27    229480    ----a-w-    C:\Windows\System32\nvconrm.dll
2013-12-09 22:14:22    953344    ----a-w-    C:\Windows\System32\fdco2.dll
2013-12-09 22:14:22    758272    ----a-w-    C:\Windows\System32\cohelper.dll
2013-12-09 22:04:29    211184    ----a-w-    C:\Windows\System32\SRSTSH64.dll
2013-12-09 22:03:37    2743328    ----a-w-    C:\Windows\System32\FMAPO64.dll
2013-12-09 22:03:33    113576    ----a-w-    C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2013-12-09 22:03:27    209096    ----a-w-    C:\Windows\System32\AERTAC64.dll
2013-12-09 22:03:27    108640    ----a-w-    C:\Windows\System32\AERTAR64.dll
2013-12-05 08:42:30    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-12-05 08:42:26    35104    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-12-05 08:42:26    32544    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-28 13:38:22    31520    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18    197408    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-11-23 19:26:48    1884448    ----a-w-    C:\Windows\System32\nvdispco6433193.dll
2013-11-23 19:26:48    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433193.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-22 08:36:08    1515296    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2013-11-20 20:37:32    46368    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 18:33:38.03 ===============

And it just occurred to me that you guys might need the AVG logs. Here they are.

 

"";"IRP hook, C:\Windows\system32\DRIVERS\mouclass.sys IRP_MJ_READ -> EagleX64.sys +0x14CC0, C:\Windows\system32\drivers\EagleX64.sys";"Infected"
"";"IRP hook, C:\Windows\system32\DRIVERS\mouclass.sys IRP_MJ_PNP -> EagleX64.sys +0x14F80, C:\Windows\system32\drivers\EagleX64.sys";"Infected"
"";"IRP hook, C:\Windows\system32\DRIVERS\kbdclass.sys IRP_MJ_READ -> EagleX64.sys +0x131C0, C:\Windows\system32\drivers\EagleX64.sys";"Infected"
"";"IRP hook, C:\Windows\system32\DRIVERS\kbdclass.sys IRP_MJ_PNP -> EagleX64.sys +0x134D0, C:\Windows\system32\drivers\EagleX64.sys";"Infected"
"";"Hidden application, Idle";"Infected"

Also, I ran a GMER scan (a thread on AVG's forums mentioned it) and one of the lines said "Unknown MBR Code". Also, my computer suffered a BSOD while I was asleep (I set a sleep timer). I was asleep, so I don't know the error code, and I'm not sure how to check the event logs to try to grab what the BSOD said.

Attached Files


Edited by Shade the Wolf, 14 February 2014 - 10:14 AM.
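The AVG rootkit report in the post above is one semicolon-separated, double-quoted record per finding. As an added example that is not AVG's code and was not posted in this thread, here is a small Python parser that turns those lines into structured findings and groups the IRP hooks by the module that owns the hook handler, which is the first thing a responder wants to know from such a report. The sample input is the five lines from the post; the regex, the `Finding` fields and the two triage flags (handler living outside the hooked driver's own image, handler sitting on the keyboard/mouse `IRP_MJ_READ` path) are my own assumptions about the format and are not taken from AVG documentation.

```python
"""Parse AVG rootkit-scan result lines and group IRP hooks for triage.

Added example, not AVG's code and not from the thread. The record layout
(empty field; description; status, separated by ';' and quoted) and the
description grammar are inferred from the posted lines, not from AVG docs.
"""
import csv
import io
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: the five result lines as posted in the thread.
SAMPLE_AVG_LOG = r'''"";"IRP hook, C:\Windows\system32\DRIVERS\mouclass.sys IRP_MJ_READ -> EagleX64.sys +0x14CC0, C:\Windows\system32\drivers\EagleX64.sys";"Infected"
"";"IRP hook, C:\Windows\system32\DRIVERS\mouclass.sys IRP_MJ_PNP -> EagleX64.sys +0x14F80, C:\Windows\system32\drivers\EagleX64.sys";"Infected"
"";"IRP hook, C:\Windows\system32\DRIVERS\kbdclass.sys IRP_MJ_READ -> EagleX64.sys +0x131C0, C:\Windows\system32\drivers\EagleX64.sys";"Infected"
"";"IRP hook, C:\Windows\system32\DRIVERS\kbdclass.sys IRP_MJ_PNP -> EagleX64.sys +0x134D0, C:\Windows\system32\drivers\EagleX64.sys";"Infected"
"";"Hidden application, Idle";"Infected"
'''

# Assumed grammar of the description field:
# "IRP hook, <driver path> <IRP major> -> <module> +0x<offset>, <module path>"
IRP_HOOK_RE = re.compile(
    r"^IRP hook, (?P<driver>\S+) (?P<irp>IRP_MJ_\w+) -> "
    r"(?P<module>\S+) \+0x(?P<offset>[0-9A-Fa-f]+), (?P<path>.+)$"
)
HIDDEN_APP_RE = re.compile(r"^Hidden application, (?P<name>.+)$")

# Keyboard and mouse class drivers: a third-party handler on their
# IRP_MJ_READ dispatch entry sees every keystroke and mouse report.
INPUT_CLASS_DRIVERS = {"kbdclass.sys", "mouclass.sys"}


@dataclass
class Finding:
    kind: str            # "irp_hook", "hidden_app" or "other"
    status: str          # AVG's verdict column, e.g. "Infected"
    driver: str = ""     # full path of the driver whose dispatch table is hooked
    irp: str = ""        # IRP major function name, e.g. IRP_MJ_READ
    module: str = ""     # image that owns the hook handler
    offset: int = 0      # handler offset inside that image
    path: str = ""       # full path of the handler image
    name: str = ""       # hidden-application name
    raw: str = ""        # unparsed description for "other"


def parse_avg_log(text: str) -> list:
    """Turn the ';'-separated, double-quoted records into Finding objects."""
    findings = []
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) < 3:          # blank trailing line or malformed record
            continue
        desc, status = row[1], row[2]
        m = IRP_HOOK_RE.match(desc)
        if m:
            findings.append(Finding("irp_hook", status, driver=m["driver"],
                                    irp=m["irp"], module=m["module"],
                                    offset=int(m["offset"], 16), path=m["path"]))
            continue
        m = HIDDEN_APP_RE.match(desc)
        if m:
            findings.append(Finding("hidden_app", status, name=m["name"]))
            continue
        findings.append(Finding("other", status, raw=desc))
    return findings


def triage_hooks(findings: list) -> dict:
    """Group IRP hooks by handler module (lower-cased image name).

    Each entry records the (driver, IRP major, offset) tuples that point into
    the module, whether the handler lives outside the hooked driver's own
    image (a driver's own dispatch routines live in its own image, so a
    handler elsewhere needs explaining), and whether it sits on the
    keyboard/mouse read path.
    """
    by_module = {}
    for f in findings:
        if f.kind != "irp_hook":
            continue
        key = f.module.lower()
        entry = by_module.setdefault(key, {"path": f.path, "hooks": [],
                                           "cross_module": False,
                                           "intercepts_input": False})
        drv = ntpath.basename(f.driver).lower()
        entry["hooks"].append((drv, f.irp, f.offset))
        if drv != key:
            entry["cross_module"] = True
        if drv in INPUT_CLASS_DRIVERS and f.irp == "IRP_MJ_READ":
            entry["intercepts_input"] = True
    return by_module


def hidden_applications(findings: list) -> list:
    """Names AVG reported as hidden applications, in log order."""
    return [f.name for f in findings if f.kind == "hidden_app"]


if __name__ == "__main__":
    found = parse_avg_log(SAMPLE_AVG_LOG)
    for module, info in triage_hooks(found).items():
        flags = [k for k in ("cross_module", "intercepts_input") if info[k]]
        print(f"{module} ({info['path']}): {len(info['hooks'])} hooks, "
              f"{', '.join(flags)}")
        for drv, irp, off in info["hooks"]:
            print(f"  {drv} {irp} -> +0x{off:X}")
    print("hidden applications:", hidden_applications(found))
```

Run against the posted lines it reports a single handler module, `eaglex64.sys`, holding four hooks on the keyboard and mouse class drivers, and flags both triage conditions; that is the summary a helper would want before deciding which tool to run next, and the same parser can be pointed at a full AVG export where the interesting records are buried among hundreds of clean ones.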

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:12 PM

Posted 14 February 2014 - 03:40 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Shade the Wolf

Shade the Wolf
  • Topic Starter

  • Members
  • 130 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:By my computer
  • Local time:02:12 PM

Posted 14 February 2014 - 03:17 PM

Just to be clear, I should attach the log and not post it as a quote, yes?

 

Okay the scan finished. Here's the log.

Attached Files


Edited by Shade the Wolf, 14 February 2014 - 04:24 PM.


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:12 PM

Posted 17 February 2014 - 04:38 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.



#5 Shade the Wolf

Shade the Wolf
  • Topic Starter

  • Members
  • 130 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:By my computer
  • Local time:02:12 PM

Posted 17 February 2014 - 07:51 PM

Alright, here's the log. Even though it says that Spybot is enabled, I only have the basic version so I don't get real-time protection.

ComboFix 14-02-16.01 - Shade the Wolf 7/2014 Mon  18:23:30.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.4094.1449 [GMT -6:00]
Running from: c:\users\Shade the Wolf\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Public\sdelevURL.tmp
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome.manifest
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\asyncDB.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\background.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\browserAction.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\contextMenu.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\dbManager.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\dom_bg.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\fileManager.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\firefox.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\firefoxNotifications.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\firefoxOmnibox.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\message.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\pageAction.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\request.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\tabs.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\webRequest.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\windowsMessagingHandler.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\background.html
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\baseObject.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\browser.xul
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\addressBarChangeObserver.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\console.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\consts.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\delegate.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\extensionDataStore.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\folderIOWrapper.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\httpObserver.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\IDBWrapper.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\installer.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\logFile.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\prefs.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\progressListenerObserver.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\registry.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\reloadObserver.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\reports.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\requestObject.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\searchSettings.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\uninstallObserver.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\updateManager.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\utils.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\xhr.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\dialog.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\ffCoreFilesIndex.txt
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\main.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\options.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\options.xul
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\platformVersion.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\search_dialog.xul
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\defaults\preferences\prefs.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\manifest.xml
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins.json
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\1_base.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\1000020_analytics.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\1000025_analyticsFront.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\1000030_mz.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\17_jQuery.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\182_openUrl.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\207_dbWrapper.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\21_debug.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\22_resources.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\28_initializer.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\47_resources_background.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\64_appApiMessage.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\72_appApiValidation.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\98_omniCommands.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\userCode\background.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\userCode\extension.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\install.rdf
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\locale\en-US\translations.dtd
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\button1.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\button2.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\button3.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\button4.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\button5.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\crossrider_statusbar.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\icon128.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\icon16.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\icon24.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\icon48.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\panelarrow-up.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\popup.html
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\skin.css
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\update.css
c:\windows\apppatch\AppLoc.exe
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-18 to 2014-02-18  )))))))))))))))))))))))))))))))
.
.
2014-02-18 00:34 . 2014-02-18 00:34    --------    d-----w-    c:\users\hedev\AppData\Local\temp
2014-02-14 19:29 . 2014-02-14 21:23    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-14 19:29 . 2014-02-14 19:29    119000    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-14 19:28 . 2014-02-14 19:28    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-13 21:43 . 2014-02-13 21:43    --------    d-----w-    c:\users\Shade the Wolf\.android
2014-02-13 21:43 . 2014-02-13 21:43    --------    d-----w-    c:\users\Shade the Wolf\AppData\Local\cache
2014-02-13 21:43 . 2014-02-13 22:08    --------    d-----w-    c:\users\Shade the Wolf\AppData\Local\Mobogenie
2014-02-13 21:43 . 2014-02-13 22:08    --------    d-----w-    c:\program files (x86)\Mobogenie
2014-02-13 21:42 . 2014-02-13 22:08    --------    d-----w-    c:\program files (x86)\IminentToolbar
2014-02-13 21:41 . 2014-02-13 21:42    --------    d-----w-    c:\program files (x86)\FTdownloader V9.0
2014-02-13 21:40 . 2014-02-13 21:40    --------    d-----w-    c:\users\Shade the Wolf\AppData\Local\Cool_Mirage
2014-02-12 15:48 . 2013-12-21 09:53    548864    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-12 15:48 . 2013-12-21 08:56    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-02-12 15:45 . 2013-12-06 02:30    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-02-12 15:45 . 2013-12-06 02:30    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-12 15:45 . 2013-12-06 02:02    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-02-12 15:45 . 2013-12-06 02:02    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-02-12 15:45 . 2013-12-24 23:09    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-02-12 15:45 . 2013-12-24 22:48    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-02-12 15:45 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2014-02-12 15:45 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2014-02-05 16:01 . 2014-02-05 16:01    --------    d-----w-    c:\program files (x86)\LogMeIn Hamachi
2014-02-01 19:23 . 2014-02-01 19:23    --------    d-----w-    c:\users\Shade the Wolf\AppData\Roaming\Ubisoft
2014-02-01 19:15 . 2014-02-01 19:15    --------    d-----w-    c:\programdata\Ubisoft
2014-02-01 19:15 . 2014-02-01 19:15    --------    d-----w-    c:\program files (x86)\Ubisoft
2014-02-01 16:42 . 2014-02-01 16:42    --------    d-----w-    c:\programdata\Square Enix
2014-02-01 16:42 . 2014-02-01 16:42    --------    d-----w-    c:\program files (x86)\Square Enix
2014-01-28 18:58 . 2014-01-15 22:35    599840    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-01-28 18:37 . 2014-01-15 23:13    2711656    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-01-28 16:41 . 2014-01-28 16:41    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2014-01-28 16:30 . 2014-01-15 23:13    1515296    ----a-w-    c:\windows\system32\nvdispgenco6433467.dll
2014-01-28 16:30 . 2014-01-15 23:13    1885472    ----a-w-    c:\windows\system32\nvdispco6433467.dll
2014-01-27 02:01 . 2014-01-31 20:33    --------    d-----w-    c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-23 07:26 . 2005-04-16 01:58    1351392    ----a-w-    c:\windows\SysWow64\comctl32.ocx
2014-01-20 23:37 . 2014-01-20 23:37    --------    d-----w-    c:\windows\Migration
2014-01-20 23:22 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-20 23:22 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-20 23:22 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-20 23:22 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-20 23:22 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-20 23:22 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-20 23:22 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-20 23:20 . 2013-10-12 02:32    150016    ----a-w-    c:\windows\system32\wshom.ocx
2014-01-20 23:20 . 2013-10-12 02:31    202752    ----a-w-    c:\windows\system32\scrrun.dll
2014-01-20 23:20 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\SysWow64\wshom.ocx
2014-01-20 23:20 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\SysWow64\scrrun.dll
2014-01-20 23:20 . 2013-10-12 01:33    156160    ----a-w-    c:\windows\system32\cscript.exe
2014-01-20 23:20 . 2013-10-12 01:33    168960    ----a-w-    c:\windows\system32\wscript.exe
2014-01-20 23:20 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\SysWow64\wscript.exe
2014-01-20 23:20 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\SysWow64\cscript.exe
2014-01-20 22:38 . 2014-01-20 22:38    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-20 22:38 . 2014-01-20 22:38    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-20 22:10 . 2013-12-19 03:09    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-12 15:57 . 2012-03-08 23:34    88567024    ----a-w-    c:\windows\system32\MRT.exe
2014-02-05 00:08 . 2012-03-31 16:05    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 00:08 . 2012-03-10 18:58    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 23:13 . 2013-02-02 07:53    18184976    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-01-15 23:13 . 2012-05-22 20:54    947808    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-01-15 23:13 . 2010-04-17 03:00    14668008    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-01-15 23:13 . 2010-04-17 03:00    3087112    ----a-w-    c:\windows\system32\nvapi64.dll
2014-01-15 21:53 . 2009-07-29 17:21    6712608    ----a-w-    c:\windows\system32\nvcpl.dll
2014-01-15 21:53 . 2009-07-29 17:21    3498272    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-01-15 21:53 . 2009-07-29 17:21    923936    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-01-15 21:53 . 2009-07-29 17:21    63776    ----a-w-    c:\windows\system32\nvshext.dll
2014-01-15 21:53 . 2009-07-29 17:21    386336    ----a-w-    c:\windows\system32\nvmctray.dll
2014-01-13 22:31 . 2012-12-25 17:28    3559557    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-12-21 10:56 . 2013-12-21 10:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-21 10:56 . 2013-12-21 10:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-21 10:56 . 2013-12-21 10:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-19 20:33 . 2014-01-08 05:42    1884448    ----a-w-    c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-08 05:42    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433221.dll
2013-12-10 02:15 . 2013-10-29 00:52    982232    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:14 . 2013-10-29 00:52    1100248    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-12-09 22:15 . 2013-12-09 22:15    694376    ----a-w-    c:\windows\system32\drivers\RTL8192su.sys
2013-12-09 22:14 . 2013-12-09 22:14    349416    ----a-w-    c:\windows\system32\drivers\nvmf6264.sys
2013-12-09 22:14 . 2010-04-17 03:00    657512    ----a-w-    c:\windows\system32\nvunrm.exe
2013-12-09 22:14 . 2010-04-17 03:00    229480    ----a-w-    c:\windows\system32\nvconrm.dll
2013-12-09 22:14 . 2010-04-17 02:15    657512    ----a-w-    c:\windows\system32\nvuninst.exe
2013-12-09 22:14 . 2013-12-09 22:14    758272    ----a-w-    c:\windows\system32\cohelper.dll
2013-12-09 22:14 . 2010-04-17 03:00    953344    ----a-w-    c:\windows\system32\fdco2.dll
2013-12-09 22:09 . 2013-12-09 22:09    403560    ----a-w-    c:\windows\system32\nvraiins.dll
2013-12-09 22:09 . 2013-12-09 22:09    403560    ----a-w-    c:\windows\system32\nvraidco.dll
2013-12-09 22:09 . 2013-12-09 22:09    244328    ----a-w-    c:\windows\system32\drivers\nvstor64.sys
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoPtb.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoIt.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoFr.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoEsm.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoEs.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoDe.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoSv.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoRu.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoNo.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoNl.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoFi.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoDa.dll
2013-12-09 22:09 . 2013-12-09 22:09    18024    ----a-w-    c:\windows\system32\NvRCoENU.dll
2013-12-09 22:09 . 2013-12-09 22:09    18024    ----a-w-    c:\windows\system32\NvRCoEng.dll
2013-12-09 22:09 . 2013-12-09 22:09    16488    ----a-w-    c:\windows\system32\NvRCoKo.dll
2013-12-09 22:09 . 2013-12-09 22:09    16488    ----a-w-    c:\windows\system32\NvRCoJa.dll
2013-12-09 22:09 . 2013-12-09 22:09    15976    ----a-w-    c:\windows\system32\NvRCoZht.dll
2013-12-09 22:09 . 2013-12-09 22:09    15976    ----a-w-    c:\windows\system32\NvRCoZhc.dll
2013-12-09 22:04 . 2013-12-09 22:04    211184    ----a-w-    c:\windows\system32\SRSTSH64.dll
2013-12-09 22:04 . 2013-12-09 22:04    198896    ----a-w-    c:\windows\system32\SRSHP64.dll
2013-12-09 22:04 . 2013-12-09 22:04    1662024    ----a-w-    c:\windows\system32\RTSnMg64.cpl
2013-12-09 22:04 . 2013-12-09 22:04    2810072    ----a-w-    c:\windows\system32\RtPgEx64.dll
2013-12-09 22:04 . 2013-12-09 22:04    331880    ----a-w-    c:\windows\system32\RtlCPAPI64.dll
2013-12-09 22:04 . 2013-12-09 22:04    3707864    ----a-w-    c:\windows\system32\drivers\RTKVHD64.sys
2013-12-09 22:04 . 2013-12-09 22:04    149608    ----a-w-    c:\windows\system32\RtkCfg64.dll
2013-12-09 22:04 . 2013-12-09 22:04    14952    ----a-w-    c:\windows\system32\RtkCoLDR64.dll
2013-12-09 22:04 . 2013-12-09 22:04    2587864    ----a-w-    c:\windows\system32\RtkAPO64.dll
2013-12-09 22:04 . 2013-12-09 22:04    1021656    ----a-w-    c:\windows\system32\RtkApi64.dll
2013-12-09 22:04 . 2013-12-09 22:04    375128    ----a-w-    c:\windows\system32\RTEEP64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    78680    ----a-w-    c:\windows\system32\RTEEG64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    204120    ----a-w-    c:\windows\system32\RTEED64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    101208    ----a-w-    c:\windows\system32\RTEEL64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    617176    ----a-w-    c:\windows\system32\RtDataProc64.dll
2013-12-09 22:04 . 2013-12-09 22:04    1286360    ----a-w-    c:\windows\system32\RTCOM64.dll
2013-12-09 22:04 . 2013-12-09 22:04    310104    ----a-w-    c:\windows\system32\RP3DHT64.dll
2013-12-09 22:04 . 2013-12-09 22:04    310104    ----a-w-    c:\windows\system32\RP3DAA64.dll
2013-12-09 22:04 . 2013-12-09 22:04    38385664    ----a-w-    c:\windows\system32\RCoRes64.dat
2013-12-09 22:04 . 2013-12-09 22:04    153304    ----a-w-    c:\windows\system32\RCoInstII64.dll
2013-12-09 22:03 . 2013-12-09 22:03    2743328    ----a-w-    c:\windows\system32\FMAPO64.dll
2013-12-09 22:03 . 2013-12-09 22:03    113576    ----a-w-    c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-09 22:03 . 2013-12-09 22:03    209096    ----a-w-    c:\windows\system32\AERTAC64.dll
2013-12-09 22:03 . 2013-12-09 22:03    108640    ----a-w-    c:\windows\system32\AERTAR64.dll
2013-12-05 08:42 . 2013-12-18 04:30    39200    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2013-12-05 08:42 . 2013-12-18 04:30    32544    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2013-12-05 08:42 . 2013-07-31 05:44    35104    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2013-11-28 13:38 . 2014-01-08 05:42    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-11-28 13:38 . 2014-01-08 05:42    197408    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-11-26 03:47 . 2013-11-26 03:47    196376    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2013-11-26 03:47 . 2013-11-26 03:47    243480    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-26 03:47 . 2013-11-26 03:47    150808    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2013-11-23 19:26 . 2013-11-28 04:34    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433193.dll
2013-11-23 19:26 . 2013-11-28 04:34    1884448    ----a-w-    c:\windows\system32\nvdispco6433193.dll
2013-11-23 18:26 . 2013-12-10 18:40    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 18:40    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-22 08:36 . 2014-01-08 05:42    1515296    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2013-11-20 20:37 . 2013-01-22 17:43    46368    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110511151181}]
2014-02-13 21:41    677888    ----a-w-    c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-02-05 23:09    3401752    ----a-w-    c:\program files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll" [2014-02-05 3401752]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-14 1822400]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-02-05 2535448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"Adobe Version Cue CS2"="c:\progra~2\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-09-11 450560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-04 3813712]
.
c:\users\Shade the Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-3-9 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Shade the Wolf\Documents\EEK\Run\a2ddax64.sys;c:\users\Shade the Wolf\Documents\EEK\Run\a2ddax64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
S3 ALSysIO;ALSysIO;c:\users\SHADET~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\SHADET~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Shade the Wolf\AppData\Local\Temp\tmp6B30.tmp;c:\users\Shade the Wolf\AppData\Local\Temp\tmp6B30.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - WINRING0_1_2_0
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:08]
.
2014-02-18 c:\windows\Tasks\FTdownloader V9.0-chromeinstaller.job
- c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-chromeinstaller.exe [2014-02-13 21:41]
.
2014-02-18 c:\windows\Tasks\FTdownloader V9.0-codedownloader.job
- c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-codedownloader.exe [2014-02-13 21:41]
.
2014-02-18 c:\windows\Tasks\FTdownloader V9.0-enabler.job
- c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-enabler.exe [2014-02-13 21:42]
.
2014-02-18 c:\windows\Tasks\FTdownloader V9.0-firefoxinstaller.job
- c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-firefoxinstaller.exe [2014-02-13 21:41]
.
2014-02-18 c:\windows\Tasks\FTdownloader V9.0-updater.job
- c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-updater.exe [2014-02-13 21:42]
.
2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 03:14]
.
2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 03:14]
.
2014-02-18 c:\windows\Tasks\HPCeeScheduleForShade the Wolf.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2014-02-13 c:\windows\Tasks\HPCeeScheduleForSHADETHEWOLF-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110511151181}]
2014-02-13 21:42    949248    ----a-w-    c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-bho64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "\Program Files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3298572&octid=CT3298572&SearchSource=61&CUI=UN20251767443093131&UM=2&UP=SP41B002FC-486D-456E-9F03-A1D202111613
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=6d0b7e39-8617-4e60-9d54-70612262ec27&searchtype=ds&q={searchTerms}&installDate=13/07/2013
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: spoonyexperiment.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
FF - ProfilePath - c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://start.iminent.com/?appId=66B10BA9-C650-42C8-AE10-3F15B841043A
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - 481a623e00000000000008863b7a7d7d
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16114
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.315:42
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
Wow6432Node-HKU-Default-Run-Advanced SystemCare 7 - c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Shade the Wolf\AppData\Local\Temp\tmp6B30.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
.
**************************************************************************
.
Completion time: 2014-02-17  18:45:34 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-18 00:45
.
Pre-Run: 153,686,249,472 bytes free
Post-Run: 154,652,827,648 bytes free
.
- - End Of File - - C8096758A184C822C0458220D1F8E579
F2F2160DE70CFDC52A6E5FC26D7D306E

Hopefully the scan went well.



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 18 February 2014 - 05:04 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here --> [Image: btn_donate_SM.gif] <-- (no worries, every little bit helps)

#7 Shade the Wolf

Shade the Wolf
  • Topic Starter

  • Members
  • 130 posts
  • Gender:Male
  • Location:By my computer

Posted 18 February 2014 - 05:35 PM

ComboFix 14-02-18.01 - Shade the Wolf 8/2014 Tue  13:05:45.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.4094.2327 [GMT -6:00]
Running from: c:\users\Shade the Wolf\Desktop\ComboFix.exe
Command switches used :: c:\users\Shade the Wolf\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FTdownloader V9.0-chromeinstaller.job"
"c:\windows\Tasks\FTdownloader V9.0-codedownloader.job"
"c:\windows\Tasks\FTdownloader V9.0-enabler.job"
"c:\windows\Tasks\FTdownloader V9.0-firefoxinstaller.job"
"c:\windows\Tasks\FTdownloader V9.0-updater.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FTdownloader V9.0
c:\program files (x86)\FTdownloader V9.0\51581.crx
c:\program files (x86)\FTdownloader V9.0\51581.xpi
c:\program files (x86)\FTdownloader V9.0\background.html
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-bg.exe
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-bho.dll
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-bho64.dll
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-buttonutil.dll
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-buttonutil.exe
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-buttonutil64.dll
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-buttonutil64.exe
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-chromeinstaller.exe
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-codedownloader.exe
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-enabler.exe
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-firefoxinstaller.exe
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-helper.exe
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-updater.exe
c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0.ico
c:\program files (x86)\FTdownloader V9.0\Installer.log
c:\program files (x86)\FTdownloader V9.0\Uninstall.exe
c:\program files (x86)\FTdownloader V9.0\utils.exe
c:\program files (x86)\IminentToolbar
c:\program files (x86)\Mobogenie
c:\program files (x86)\Mobogenie\MgAssist.exe
c:\program files (x86)\Mobogenie\msvcp100.dll
c:\program files (x86)\Mobogenie\msvcr100.dll
c:\program files (x86)\Mobogenie\ok.htm
c:\program files (x86)\Mobogenie\QtCore4.dll
c:\program files\Theme Resource Changer
c:\program files\Theme Resource Changer\sseexec.dat
c:\program files\Theme Resource Changer\SSEun.dat
c:\program files\Theme Resource Changer\ThemeResourceChanger.dll
c:\program files\Theme Resource Changer\Uninstall-ThemeResourceChangerX64.exe
c:\users\Shade the Wolf\.android
c:\users\Shade the Wolf\.android\adbkey
c:\users\Shade the Wolf\.android\adbkey.pub
c:\users\Shade the Wolf\AppData\Local\cache
c:\users\Shade the Wolf\AppData\Local\cache\data7\0\1tgf5850.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\0\1zx27v30.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\0\2kolj8xp.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\0\2tjdfs10.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\0\3lrq1el0.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\0\3pb8noop.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\0\3pff9xd0.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\1\1dolyxg1.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\1\26rb70ea.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\1\28cxfqoq.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\1\2dknz64q.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\1\2htydrk1.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\1\2x3152fq.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\1\2y15i5dq.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\1\3bnv6vua.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\1\hdlcfcy1.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\17ob3rb2.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\20t318q2.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\21tokf8b.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\29xcmf2r.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\2o9pn5hr.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\2oey741r.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\30zmut7b.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\37zm53gr.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\3ixrhdwr.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\3ptrm7s2.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\gou4ps5b.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\r768kxzr.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\2\tymb5c5b.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\3\1304hbgs.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\3\2317x5kc.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\3\2o1en5ks.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\3\30q180ds.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\3\3tuj92bs.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\3\mhgoxr4c.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\3\onms3km3.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\3\q3x5mjuc.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\3\v4xugxl3.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\4\1ohtdc64.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\4\1u4imsyt.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\4\29nawy04.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\4\2gp11jg4.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\4\2rkzi4et.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\4\2xt7b1z4.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\4\313nz1ct.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\4\34gfm14t.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\4\3dw6gemt.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\13ttpxq5.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\1az27k55.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\1djsm1v5.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\1gk0815e.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\1kan2dc5.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\1sr6fv2u.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\1wglxe85.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\1xe6jfku.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\26jk49bu.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\27id0f35.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\2c9xx3q5.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\30nh073e.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\31up9p35.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\352cxu0u.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\3auxirle.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\3fz0czm5.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\3hxvh9xu.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\3lft60je.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\nvc7qz1u.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\syeiet55.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\t3qf1cju.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\5\tn1e4l65.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\1zw88fzf.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\2obyabsv.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\2v38v456.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\2zcm3656.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\33qouog6.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\3ec1gm4v.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\3fhrpk5v.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\3fpjryaf.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\3n22ctov.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\c5qgqqcv.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\nzq8i4uf.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\6\tbafqzsf.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\1l5u41jg.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\1uiy29j7.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\28j2eks7.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\2bs28gjg.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\2e9sygow.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\2j7zdd9w.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\33k29447.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\369vwf77.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\39lysntw.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\3ni97xag.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\3p2a35wg.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\7\jxksezww.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\1cldrvqx.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\1nrxxith.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\1ppd32w8.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\1szhqm9h.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\1u3rukb8.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\1z9c4f3x.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\22qu24j8.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\27btiw1x.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\2frozvv8.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\2iyyrinx.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\2o00rkoh.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\3qnrtyph.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\8\w1pvsfxx.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\9\1026jw4y.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\9\1j681wxy.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\9\37jc48k9.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\9\8c12hdui.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\9\kj3na9ni.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\9\xbv5iw6y.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\9\xwqu1rn9.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\a\15yop5pz.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\a\22r053rj.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\a\2iduv9jz.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\a\2stwd93j.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\a\4tzhsucz.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\a\c6ym7grj.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\a\ids0zgij.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\a\tn96d5yz.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\b\25i4i99k.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\b\2683lelk.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\b\3kvqi0wk.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\b\eigt1o1k.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\c\w1qbepul.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\d\2kgrv1xm.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\d\2rjwcz0m.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\d\3hmmcnwm.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\d\gp0j6bim.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\d\wv4memmm.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\e\23jfwrpn.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\e\2d5fujln.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\e\3u5l3win.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\e\9bnshwin.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\f\202tpgjo.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\f\39nrp0ao.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\f\3j18m0po.d
c:\users\Shade the Wolf\AppData\Local\cache\data7\f\fj7qiq0o.d
c:\users\Shade the Wolf\AppData\Local\Cool_Mirage
c:\users\Shade the Wolf\AppData\Local\Cool_Mirage\FTDownloader.exe_Url_srel2ybtny14zdfla5iaze4jen4lh3ou\1.1.4.0\user.config
c:\users\Shade the Wolf\AppData\Local\Mobogenie
c:\users\Shade the Wolf\AppData\Local\Mobogenie\adb.black_devices
c:\users\Shade the Wolf\AppData\Local\Mobogenie\adb.write_devices
c:\users\Shade the Wolf\AppData\Local\Mobogenie\client.time
c:\users\Shade the Wolf\AppData\Local\Mobogenie\damo.time
c:\users\Shade the Wolf\AppData\Local\Mobogenie\Data\mobogenie_u_user_dl.mg
c:\users\Shade the Wolf\AppData\Local\Mobogenie\mobo.uuid
c:\users\Shade the Wolf\AppData\Local\Mobogenie\Source.mu
c:\users\Shade the Wolf\AppData\Local\Mobogenie\updatepop.time
c:\users\Shade the Wolf\AppData\Local\Mobogenie\Version\CacheVersion\release-update.xml
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome.manifest
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\asyncDB.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\background.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\browserAction.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\contextMenu.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\dbManager.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\dom_bg.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\fileManager.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\firefox.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\firefoxNotifications.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\firefoxOmnibox.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\message.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\pageAction.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\request.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\tabs.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\webRequest.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\api\windowsMessagingHandler.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\background.html
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\baseObject.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\browser.xul
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\addressBarChangeObserver.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\console.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\consts.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\delegate.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\extensionDataStore.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\folderIOWrapper.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\httpObserver.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\IDBWrapper.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\installer.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\logFile.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\prefs.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\progressListenerObserver.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\registry.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\reloadObserver.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\reports.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\requestObject.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\searchSettings.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\uninstallObserver.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\updateManager.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\utils.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\core\xhr.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\dialog.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\ffCoreFilesIndex.txt
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\main.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\options.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\options.xul
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\platformVersion.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\chrome\content\search_dialog.xul
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\defaults\preferences\prefs.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\manifest.xml
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins.json
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\1_base.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\1000020_analytics.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\1000025_analyticsFront.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\1000030_mz.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\17_jQuery.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\182_openUrl.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\207_dbWrapper.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\21_debug.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\22_resources.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\28_initializer.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\47_resources_background.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\64_appApiMessage.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\72_appApiValidation.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\plugins\98_omniCommands.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\userCode\background.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\extensionData\userCode\extension.js
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\install.rdf
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\locale\en-US\translations.dtd
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\button1.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\button2.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\button3.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\button4.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\button5.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\crossrider_statusbar.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\icon128.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\icon16.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\icon24.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\icon48.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\panelarrow-up.png
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\popup.html
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\skin.css
c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\extensions\457fdf22-3576-4b12-9012-c3017e51228f@6cd2d432-a21e-4fc2-9951-217b397ece11.com\skin\update.css
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-18 to 2014-02-18  )))))))))))))))))))))))))))))))
.
.
2014-02-18 19:16 . 2014-02-18 19:16    --------    d-----w-    c:\users\hedev\AppData\Local\temp
2014-02-18 19:16 . 2014-02-18 19:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-18 19:16 . 2014-02-18 19:16    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-02-14 19:29 . 2014-02-14 21:23    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-14 19:29 . 2014-02-14 19:29    119000    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-14 19:28 . 2014-02-14 19:28    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-12 15:48 . 2013-12-21 09:53    548864    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-12 15:48 . 2013-12-21 08:56    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-02-12 15:45 . 2013-12-06 02:30    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-02-12 15:45 . 2013-12-06 02:30    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-12 15:45 . 2013-12-06 02:02    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-02-12 15:45 . 2013-12-06 02:02    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-02-12 15:45 . 2013-12-24 23:09    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-02-12 15:45 . 2013-12-24 22:48    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-02-12 15:45 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2014-02-12 15:45 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2014-02-05 16:01 . 2014-02-05 16:01    --------    d-----w-    c:\program files (x86)\LogMeIn Hamachi
2014-02-01 19:23 . 2014-02-01 19:23    --------    d-----w-    c:\users\Shade the Wolf\AppData\Roaming\Ubisoft
2014-02-01 19:15 . 2014-02-01 19:15    --------    d-----w-    c:\programdata\Ubisoft
2014-02-01 19:15 . 2014-02-01 19:15    --------    d-----w-    c:\program files (x86)\Ubisoft
2014-02-01 16:42 . 2014-02-01 16:42    --------    d-----w-    c:\programdata\Square Enix
2014-02-01 16:42 . 2014-02-01 16:42    --------    d-----w-    c:\program files (x86)\Square Enix
2014-01-28 18:58 . 2014-01-15 22:35    599840    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-01-28 18:37 . 2014-01-15 23:13    2711656    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-01-28 16:41 . 2014-01-28 16:41    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2014-01-28 16:30 . 2014-01-15 23:13    1515296    ----a-w-    c:\windows\system32\nvdispgenco6433467.dll
2014-01-28 16:30 . 2014-01-15 23:13    1885472    ----a-w-    c:\windows\system32\nvdispco6433467.dll
2014-01-27 02:01 . 2014-01-31 20:33    --------    d-----w-    c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-23 07:26 . 2005-04-16 01:58    1351392    ----a-w-    c:\windows\SysWow64\comctl32.ocx
2014-01-20 23:37 . 2014-01-20 23:37    --------    d-----w-    c:\windows\Migration
2014-01-20 23:22 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-20 23:22 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-20 23:22 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-20 23:22 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-20 23:22 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-20 23:22 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-20 23:22 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-20 23:20 . 2013-10-12 02:32    150016    ----a-w-    c:\windows\system32\wshom.ocx
2014-01-20 23:20 . 2013-10-12 02:31    202752    ----a-w-    c:\windows\system32\scrrun.dll
2014-01-20 23:20 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\SysWow64\wshom.ocx
2014-01-20 23:20 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\SysWow64\scrrun.dll
2014-01-20 23:20 . 2013-10-12 01:33    156160    ----a-w-    c:\windows\system32\cscript.exe
2014-01-20 23:20 . 2013-10-12 01:33    168960    ----a-w-    c:\windows\system32\wscript.exe
2014-01-20 23:20 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\SysWow64\wscript.exe
2014-01-20 23:20 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\SysWow64\cscript.exe
2014-01-20 22:38 . 2014-01-20 22:38    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-20 22:38 . 2014-01-20 22:38    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-20 22:10 . 2013-12-19 03:09    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-12 15:57 . 2012-03-08 23:34    88567024    ----a-w-    c:\windows\system32\MRT.exe
2014-02-05 00:08 . 2012-03-31 16:05    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 00:08 . 2012-03-10 18:58    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 23:13 . 2013-02-02 07:53    18184976    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-01-15 23:13 . 2012-05-22 20:54    947808    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-01-15 23:13 . 2010-04-17 03:00    14668008    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-01-15 23:13 . 2010-04-17 03:00    3087112    ----a-w-    c:\windows\system32\nvapi64.dll
2014-01-15 21:53 . 2009-07-29 17:21    6712608    ----a-w-    c:\windows\system32\nvcpl.dll
2014-01-15 21:53 . 2009-07-29 17:21    3498272    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-01-15 21:53 . 2009-07-29 17:21    923936    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-01-15 21:53 . 2009-07-29 17:21    63776    ----a-w-    c:\windows\system32\nvshext.dll
2014-01-15 21:53 . 2009-07-29 17:21    386336    ----a-w-    c:\windows\system32\nvmctray.dll
2014-01-13 22:31 . 2012-12-25 17:28    3559557    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-12-21 10:56 . 2013-12-21 10:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-21 10:56 . 2013-12-21 10:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-21 10:56 . 2013-12-21 10:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-19 20:33 . 2014-01-08 05:42    1884448    ----a-w-    c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-08 05:42    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433221.dll
2013-12-10 02:15 . 2013-10-29 00:52    982232    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:14 . 2013-10-29 00:52    1100248    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-12-09 22:15 . 2013-12-09 22:15    694376    ----a-w-    c:\windows\system32\drivers\RTL8192su.sys
2013-12-09 22:14 . 2013-12-09 22:14    349416    ----a-w-    c:\windows\system32\drivers\nvmf6264.sys
2013-12-09 22:14 . 2010-04-17 03:00    657512    ----a-w-    c:\windows\system32\nvunrm.exe
2013-12-09 22:14 . 2010-04-17 03:00    229480    ----a-w-    c:\windows\system32\nvconrm.dll
2013-12-09 22:14 . 2010-04-17 02:15    657512    ----a-w-    c:\windows\system32\nvuninst.exe
2013-12-09 22:14 . 2013-12-09 22:14    758272    ----a-w-    c:\windows\system32\cohelper.dll
2013-12-09 22:14 . 2010-04-17 03:00    953344    ----a-w-    c:\windows\system32\fdco2.dll
2013-12-09 22:09 . 2013-12-09 22:09    403560    ----a-w-    c:\windows\system32\nvraiins.dll
2013-12-09 22:09 . 2013-12-09 22:09    403560    ----a-w-    c:\windows\system32\nvraidco.dll
2013-12-09 22:09 . 2013-12-09 22:09    244328    ----a-w-    c:\windows\system32\drivers\nvstor64.sys
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoPtb.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoIt.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoFr.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoEsm.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoEs.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoDe.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoSv.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoRu.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoNo.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoNl.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoFi.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoDa.dll
2013-12-09 22:09 . 2013-12-09 22:09    18024    ----a-w-    c:\windows\system32\NvRCoENU.dll
2013-12-09 22:09 . 2013-12-09 22:09    18024    ----a-w-    c:\windows\system32\NvRCoEng.dll
2013-12-09 22:09 . 2013-12-09 22:09    16488    ----a-w-    c:\windows\system32\NvRCoKo.dll
2013-12-09 22:09 . 2013-12-09 22:09    16488    ----a-w-    c:\windows\system32\NvRCoJa.dll
2013-12-09 22:09 . 2013-12-09 22:09    15976    ----a-w-    c:\windows\system32\NvRCoZht.dll
2013-12-09 22:09 . 2013-12-09 22:09    15976    ----a-w-    c:\windows\system32\NvRCoZhc.dll
2013-12-09 22:04 . 2013-12-09 22:04    211184    ----a-w-    c:\windows\system32\SRSTSH64.dll
2013-12-09 22:04 . 2013-12-09 22:04    198896    ----a-w-    c:\windows\system32\SRSHP64.dll
2013-12-09 22:04 . 2013-12-09 22:04    1662024    ----a-w-    c:\windows\system32\RTSnMg64.cpl
2013-12-09 22:04 . 2013-12-09 22:04    2810072    ----a-w-    c:\windows\system32\RtPgEx64.dll
2013-12-09 22:04 . 2013-12-09 22:04    331880    ----a-w-    c:\windows\system32\RtlCPAPI64.dll
2013-12-09 22:04 . 2013-12-09 22:04    3707864    ----a-w-    c:\windows\system32\drivers\RTKVHD64.sys
2013-12-09 22:04 . 2013-12-09 22:04    149608    ----a-w-    c:\windows\system32\RtkCfg64.dll
2013-12-09 22:04 . 2013-12-09 22:04    14952    ----a-w-    c:\windows\system32\RtkCoLDR64.dll
2013-12-09 22:04 . 2013-12-09 22:04    2587864    ----a-w-    c:\windows\system32\RtkAPO64.dll
2013-12-09 22:04 . 2013-12-09 22:04    1021656    ----a-w-    c:\windows\system32\RtkApi64.dll
2013-12-09 22:04 . 2013-12-09 22:04    375128    ----a-w-    c:\windows\system32\RTEEP64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    78680    ----a-w-    c:\windows\system32\RTEEG64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    204120    ----a-w-    c:\windows\system32\RTEED64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    101208    ----a-w-    c:\windows\system32\RTEEL64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    617176    ----a-w-    c:\windows\system32\RtDataProc64.dll
2013-12-09 22:04 . 2013-12-09 22:04    1286360    ----a-w-    c:\windows\system32\RTCOM64.dll
2013-12-09 22:04 . 2013-12-09 22:04    310104    ----a-w-    c:\windows\system32\RP3DHT64.dll
2013-12-09 22:04 . 2013-12-09 22:04    310104    ----a-w-    c:\windows\system32\RP3DAA64.dll
2013-12-09 22:04 . 2013-12-09 22:04    38385664    ----a-w-    c:\windows\system32\RCoRes64.dat
2013-12-09 22:04 . 2013-12-09 22:04    153304    ----a-w-    c:\windows\system32\RCoInstII64.dll
2013-12-09 22:03 . 2013-12-09 22:03    2743328    ----a-w-    c:\windows\system32\FMAPO64.dll
2013-12-09 22:03 . 2013-12-09 22:03    113576    ----a-w-    c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-09 22:03 . 2013-12-09 22:03    209096    ----a-w-    c:\windows\system32\AERTAC64.dll
2013-12-09 22:03 . 2013-12-09 22:03    108640    ----a-w-    c:\windows\system32\AERTAR64.dll
2013-12-05 08:42 . 2013-12-18 04:30    39200    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2013-12-05 08:42 . 2013-12-18 04:30    32544    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2013-12-05 08:42 . 2013-07-31 05:44    35104    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2013-11-28 13:38 . 2014-01-08 05:42    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-11-28 13:38 . 2014-01-08 05:42    197408    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-11-26 03:47 . 2013-11-26 03:47    196376    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2013-11-26 03:47 . 2013-11-26 03:47    243480    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-26 03:47 . 2013-11-26 03:47    150808    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2013-11-23 19:26 . 2013-11-28 04:34    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433193.dll
2013-11-23 19:26 . 2013-11-28 04:34    1884448    ----a-w-    c:\windows\system32\nvdispco6433193.dll
2013-11-23 18:26 . 2013-12-10 18:40    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 18:40    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-22 08:36 . 2014-01-08 05:42    1515296    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2013-11-20 20:37 . 2013-01-22 17:43    46368    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-02-05 23:09    3401752    ----a-w-    c:\program files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll" [2014-02-05 3401752]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-17 1822400]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-02-05 2535448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"Adobe Version Cue CS2"="c:\progra~2\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-09-11 450560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-04 3813712]
.
c:\users\Shade the Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-3-9 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Shade the Wolf\Documents\EEK\Run\a2ddax64.sys;c:\users\Shade the Wolf\Documents\EEK\Run\a2ddax64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
S3 ALSysIO;ALSysIO;c:\users\SHADET~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\SHADET~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Shade the Wolf\AppData\Local\Temp\tmp6C3.tmp;c:\users\Shade the Wolf\AppData\Local\Temp\tmp6C3.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:08]
.
2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 03:14]
.
2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 03:14]
.
2014-02-18 c:\windows\Tasks\HPCeeScheduleForShade the Wolf.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2014-02-13 c:\windows\Tasks\HPCeeScheduleForSHADETHEWOLF-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=6d0b7e39-8617-4e60-9d54-70612262ec27&searchtype=ds&q={searchTerms}&installDate=13/07/2013
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: spoonyexperiment.com
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
FF - ProfilePath - c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110511151181} - c:\program files (x86)\FTdownloader V9.0\FTdownloader V9.0-bho.dll
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-FTdownloader V9.0 - c:\program files (x86)\FTdownloader V9.0\Uninstall.exe
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Shade the Wolf\AppData\Local\Temp\tmp6C3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
.
Completion time: 2014-02-18  13:20:21
ComboFix-quarantined-files.txt  2014-02-18 19:20
ComboFix2.txt  2014-02-18 00:45
.
Pre-Run: 154,305,343,488 bytes free
Post-Run: 154,233,446,400 bytes free
.
- - End Of File - - 44B9E475D24FC5955F3AB5E5215EDAFA
F2F2160DE70CFDC52A6E5FC26D7D306E

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Shade the Wolf :: SHADETHEWOLF-PC [administrator]

2/18/2014 1:26:56 PM
mbam-log-2014-02-18 (13-26-56).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 676670
Time elapsed: 3 hour(s), 3 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 17
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0051581.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0051581.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0051581.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\FTdownloader V9.0 (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\installdaddy (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKLM\Software\FTdownloader V9.0 (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511151181} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110511151181} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0G2Y1R2X0G1M2S1M0G1S1H -> Quarantined and deleted successfully.
HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Data: http://search.conduit.com?SearchSource=10&CUI=UN20251767443093131&UM=2&ctid=CT3298572 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=6d0b7e39-8617-4e60-9d54-70612262ec27&searchtype=ds&q={searchTerms}&installDate=13/07/2013) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=6d0b7e39-8617-4e60-9d54-70612262ec27&searchtype=ds&q={searchTerms}&installDate=13/07/2013) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 25
C:\Users\Shade the Wolf\AppData\Roaming\eDownload (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\ar (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\da (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\de (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\en (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\es (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\fr (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\it (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\nl (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\pl (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\pt (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\ro (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\th (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\tr (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\tw (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\vi (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\zh (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\OpenCandy\6624673C552C46E2A43C6C6FAE2DAAE8 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaplhdbgkcmjnbdflmhkkioklkffcla (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaplhdbgkcmjnbdflmhkkioklkffcla\1.26.8_0 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.

Files Detected: 59
C:\Program Files (x86)\GoforFiles\uninstall.exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-bg.exe.vir (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-bho.dll.vir (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-bho64.dll.vir (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-buttonutil.exe.vir (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-buttonutil64.exe.vir (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-chromeinstaller.exe.vir (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-codedownloader.exe.vir (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-enabler.exe.vir (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-firefoxinstaller.exe.vir (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-updater.exe.vir (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\utils.exe.vir (PUP.Optional.FTdownloader.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED2PU5VY\IMinentToolbar[1].exe (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETL9DJFX\metro[1].exe (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPK94C4B\MinibarFirefox[1].exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\Downloads\7 zip setup.exe (PUP.Soft32Downloader) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\Downloads\7ZipSetup-28WkpJc.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\Downloads\BlisterHDD_v1.20.gadget.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\Downloads\DAEMONToolsUltra210-0187.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\Downloads\file.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\Downloads\greengamesham-setup.exe (PUP.Optional.DownloadAdmin) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe (PUP.Optional.Verti) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\Downloads\tuneup_utilities_2013_product_key_downloader_99096.exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\Downloads\[littleangelshentai.net]_Nighthawk_-_Hikage_de_sukusuku_127.exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\eDownload.log (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\GoPlayerSetup_en.exe (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\config.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\db.con (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\ar\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\da\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\de\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\en\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\es\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\fr\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\it\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\nl\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\pl\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\pt\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\ro\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\th\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\tr\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\tw\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\vi\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\res\lang\zh\down_lang.ini (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\body.png (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\bt2.png (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\btn_close.png (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\btn_min.png (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\config.Bindable (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\config.xml (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\glow1.png (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\glow2.png (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\logo.png (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\progress_bg.png (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\progress_over.png (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\rotate.png (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\slogo.png (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\eDownload\skin\dl\Thumbs.db (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
C:\Users\Shade the Wolf\AppData\Roaming\OpenCandy\6624673C552C46E2A43C6C6FAE2DAAE8\TuneUpUtilities2013_2200320_en-US.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

I'm gonna restart now.



#8 TB-Psychotic
Malware Response Team

Posted 19 February 2014 - 07:07 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 Shade the Wolf
Topic Starter


Posted 19 February 2014 - 01:35 PM

The page won't load. It's saying "Page isn't redirecting properly".

EDIT: Never mind, it just loaded. I'm running the scan now. I should also leave "scan archives" unticked, right?

C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\Program Files (x86)\NAMCO BANDAI Games\DarkSouls\xlive.dll    a variant of Win32/Packed.VMProtect.AAN trojan
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Settings\Settings.exe    a variant of Win32/MessengerPlus.A potentially unwanted application
C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-buttonutil64.dll.vir    a variant of Win64/Toolbar.Crossrider.C potentially unwanted application
C:\Users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Shade the Wolf\Downloads\CheatEngine62.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Shade the Wolf\Downloads\DrivesMeterVersion43.exe    a variant of Win32/OpenInstall potentially unwanted application
C:\Users\Shade the Wolf\Downloads\GoPlayer.exe    a variant of Win32/ELEX.L potentially unwanted application
C:\Users\Shade the Wolf\Downloads\imf-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Shade the Wolf\Downloads\keyfinder_setup.exe    Win32/InstallMonetizer.AF potentially unwanted application
C:\Users\Shade the Wolf\Downloads\Setup-PlusForSkype-1.5.exe    a variant of Win32/MessengerPlus.A potentially unwanted application
C:\Users\Shade the Wolf\Downloads\YontooUninstaller.exe    Win32/Adware.Yontoo application

Edited by Shade the Wolf, 19 February 2014 - 07:06 PM.


#10 TB-Psychotic
Malware Response Team

Posted 20 February 2014 - 07:38 AM

Scan archives should be ticked, so please tick it and rescan.



#11 Shade the Wolf
Topic Starter


Posted 20 February 2014 - 08:25 AM

Alright, I will. Here's the log.

C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\Program Files (x86)\NAMCO BANDAI Games\DarkSouls\xlive.dll    a variant of Win32/Packed.VMProtect.AAN trojan
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Settings\Settings.exe    a variant of Win32/MessengerPlus.A potentially unwanted application
C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\FTdownloader V9.0\FTdownloader V9.0-buttonutil64.dll.vir    a variant of Win64/Toolbar.Crossrider.C potentially unwanted application
C:\Users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Shade the Wolf\Downloads\CheatEngine62.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Shade the Wolf\Downloads\CoreTemp.zip    probably a variant of Win32/Complitly.A potentially unwanted application
C:\Users\Shade the Wolf\Downloads\DrivesMeterVersion43.exe    a variant of Win32/OpenInstall potentially unwanted application
C:\Users\Shade the Wolf\Downloads\GoPlayer.exe    a variant of Win32/ELEX.L potentially unwanted application
C:\Users\Shade the Wolf\Downloads\imf-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Shade the Wolf\Downloads\keyfinder_setup.exe    Win32/InstallMonetizer.AF potentially unwanted application
C:\Users\Shade the Wolf\Downloads\Setup-PlusForSkype-1.5.exe    a variant of Win32/MessengerPlus.A potentially unwanted application
C:\Users\Shade the Wolf\Downloads\System.Shock.2.PC.Game.[FROSTY].iso    a variant of Win32/Tool.TPE.A potentially unsafe application
C:\Users\Shade the Wolf\Downloads\YontooUninstaller.exe    Win32/Adware.Yontoo application


Edited by Shade the Wolf, 20 February 2014 - 02:29 PM.


#12 TB-Psychotic
Malware Response Team

Posted 24 February 2014 - 04:02 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


(image CFScriptB-4.gif: CFScript.txt being dragged onto ComboFix.exe)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.



#13 Shade the Wolf
Topic Starter


Posted 24 February 2014 - 08:53 PM

# AdwCleaner v3.019 - Report created 24/02/2014 at 19:43:05
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Shade the Wolf - SHADETHEWOLF-PC
# Running from : C:\Users\Shade the Wolf\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\goforfiles
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
[!] Folder Deleted : C:\Users\Shade the Wolf\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Shade the Wolf\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Shade the Wolf\AppData\Local\PackageAware
Folder Deleted : C:\Users\Shade the Wolf\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Shade the Wolf\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Shade the Wolf\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Shade the Wolf\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Shade the Wolf\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Shade the Wolf\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Shade the Wolf\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Shade the Wolf\Documents\Mobogenie
File Deleted : C:\Users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\searchplugins\iminent.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_jiangmin-antivirus_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_jiangmin-antivirus_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_moonphase (1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_moonphase (1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_moonphase_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_moonphase_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555155581}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156681}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152281}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555155581}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156681}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\prefs.js ]

Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("extensions.crossrider.bic", "1442d33f1d6bf727b875b0e9171b5d3a");

*************************

AdwCleaner[R0].txt - [20555 octets] - [24/02/2014 19:41:49]
AdwCleaner[S0].txt - [20061 octets] - [24/02/2014 19:43:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20122 octets] ##########

ComboFix 14-02-24.02 - Shade the Wolf 4/2014 Mon  19:14:34.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.4094.2509 [GMT -6:00]
Running from: c:\users\Shade the Wolf\Desktop\ComboFix.exe
Command switches used :: c:\users\Shade the Wolf\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Mozilla Firefox\browser\nsprotector.js"
"c:\program files (x86)\NAMCO BANDAI Games\DarkSouls\xlive.dll"
"c:\users\Shade the Wolf\Downloads\CheatEngine62.exe"
"c:\users\Shade the Wolf\Downloads\CoreTemp.zip"
"c:\users\Shade the Wolf\Downloads\DrivesMeterVersion43.exe"
"c:\users\Shade the Wolf\Downloads\GoPlayer.exe"
"c:\users\Shade the Wolf\Downloads\imf-setup.exe"
"c:\users\Shade the Wolf\Downloads\keyfinder_setup.exe"
"c:\users\Shade the Wolf\Downloads\Setup-PlusForSkype-1.5.exe"
"c:\users\Shade the Wolf\Downloads\System.Shock.2.PC.Game.[FROSTY].iso"
"c:\users\Shade the Wolf\Downloads\YontooUninstaller.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Yuna Software\Messenger Plus! for Skype
c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\Settings\Settings.exe
c:\programdata\IObit
c:\programdata\IObit\Advanced SystemCare V7\App.bk
c:\programdata\IObit\Advanced SystemCare V7\AscService.ini
c:\programdata\IObit\Advanced SystemCare V7\EApp.bk
c:\programdata\IObit\Advanced SystemCare V7\Ext.dat
c:\programdata\IObit\Advanced SystemCare V7\HealthLevel.ini
c:\programdata\IObit\Advanced SystemCare V7\Homepage Protection\ASCService.log
c:\programdata\IObit\Advanced SystemCare V7\Homepage Protection\homepage.log
c:\programdata\IObit\Advanced SystemCare V7\License.dat
c:\programdata\IObit\Advanced SystemCare V7\Service_Game.ini
c:\programdata\IObit\Advanced SystemCare V7\services.ini
c:\programdata\IObit\Advanced SystemCare V7\ZLB2E7F.tmp
c:\programdata\IObit\Advanced SystemCare V7\ZLB2EBD.tmp
c:\programdata\IObit\Advanced SystemCare V7\ZLB464.tmp
c:\programdata\IObit\ASCDownloader\Advanced SystemCare.exe
c:\programdata\IObit\ASCDownloader\Advanced SystemCare.exe.dat
c:\programdata\IObit\ASCDownloader\Downloader.log
c:\programdata\IObit\ASCDownloader\Driver Booster.exe
c:\programdata\IObit\ASCDownloader\Driver Booster.exe.dat
c:\programdata\IObit\ASCDownloader\Smart Defrag.exe
c:\programdata\IObit\ASCDownloader\Smart Defrag.exe.dat
c:\programdata\IObit\Game Booster 3\Defrags.ini
c:\programdata\IObit\Game Booster 3\DiagnoseReport 1.0.txt
c:\programdata\IObit\Game Booster 3\GameBooster.ini
c:\programdata\IObit\Install.ini
c:\programdata\IObit\Public.ini
c:\users\All Users\IObit\Advanced SystemCare V7\App.bk
c:\users\All Users\IObit\Advanced SystemCare V7\AscService.ini
c:\users\All Users\IObit\Advanced SystemCare V7\EApp.bk
c:\users\All Users\IObit\Advanced SystemCare V7\Ext.dat
c:\users\All Users\IObit\Advanced SystemCare V7\HealthLevel.ini
c:\users\All Users\IObit\Advanced SystemCare V7\Homepage Protection\ASCService.log
c:\users\All Users\IObit\Advanced SystemCare V7\Homepage Protection\homepage.log
c:\users\All Users\IObit\Advanced SystemCare V7\License.dat
c:\users\All Users\IObit\Advanced SystemCare V7\Service_Game.ini
c:\users\All Users\IObit\Advanced SystemCare V7\services.ini
c:\users\All Users\IObit\Advanced SystemCare V7\ZLB2E7F.tmp
c:\users\All Users\IObit\Advanced SystemCare V7\ZLB2EBD.tmp
c:\users\All Users\IObit\Advanced SystemCare V7\ZLB464.tmp
c:\users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe
c:\users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe.dat
c:\users\All Users\IObit\ASCDownloader\Downloader.log
c:\users\All Users\IObit\ASCDownloader\Driver Booster.exe
c:\users\All Users\IObit\ASCDownloader\Driver Booster.exe.dat
c:\users\All Users\IObit\ASCDownloader\Smart Defrag.exe
c:\users\All Users\IObit\ASCDownloader\Smart Defrag.exe.dat
c:\users\All Users\IObit\Game Booster 3\Defrags.ini
c:\users\All Users\IObit\Game Booster 3\DiagnoseReport 1.0.txt
c:\users\All Users\IObit\Game Booster 3\GameBooster.ini
c:\users\All Users\IObit\Install.ini
c:\users\All Users\IObit\Public.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-25 to 2014-02-25  )))))))))))))))))))))))))))))))
.
.
2014-02-25 01:26 . 2014-02-25 01:26    --------    d-----w-    c:\users\hedev\AppData\Local\temp
2014-02-25 01:26 . 2014-02-25 01:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-25 01:26 . 2014-02-25 01:26    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-02-24 11:26 . 2014-02-08 16:18    599840    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-02-24 11:20 . 2013-12-27 18:42    39200    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2014-02-24 11:20 . 2013-12-27 18:42    33056    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2014-02-24 06:08 . 2014-02-24 06:08    --------    d-----w-    C:\NVIDIA
2014-02-21 01:32 . 2014-02-21 01:32    --------    d-----w-    c:\users\Shade the Wolf\AppData\Local\Ereve
2014-02-18 19:25 . 2014-02-18 19:25    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-18 19:25 . 2013-04-04 20:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-02-14 19:29 . 2014-02-14 21:23    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-14 19:28 . 2014-02-14 19:28    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-12 15:48 . 2013-12-21 09:53    548864    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-12 15:48 . 2013-12-21 08:56    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-02-12 15:45 . 2013-12-06 02:30    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-02-12 15:45 . 2013-12-06 02:30    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-12 15:45 . 2013-12-06 02:02    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-02-12 15:45 . 2013-12-06 02:02    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-02-12 15:45 . 2013-12-24 23:09    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-02-12 15:45 . 2013-12-24 22:48    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-02-12 15:45 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2014-02-12 15:45 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2014-02-05 16:01 . 2014-02-05 16:01    --------    d-----w-    c:\program files (x86)\LogMeIn Hamachi
2014-02-01 19:23 . 2014-02-01 19:23    --------    d-----w-    c:\users\Shade the Wolf\AppData\Roaming\Ubisoft
2014-02-01 19:15 . 2014-02-01 19:15    --------    d-----w-    c:\programdata\Ubisoft
2014-02-01 19:15 . 2014-02-01 19:15    --------    d-----w-    c:\program files (x86)\Ubisoft
2014-02-01 16:42 . 2014-02-01 16:42    --------    d-----w-    c:\programdata\Square Enix
2014-02-01 16:42 . 2014-02-01 16:42    --------    d-----w-    c:\program files (x86)\Square Enix
2014-01-28 18:50 . 2014-02-08 18:34    15740232    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-01-28 18:37 . 2014-02-08 18:34    2713728    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-01-28 16:41 . 2014-01-28 16:41    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2014-01-28 16:30 . 2014-01-15 23:13    1515296    ----a-w-    c:\windows\system32\nvdispgenco6433467.dll
2014-01-28 16:30 . 2014-01-15 23:13    1885472    ----a-w-    c:\windows\system32\nvdispco6433467.dll
2014-01-27 02:01 . 2014-01-31 20:33    --------    d-----w-    c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 23:09 . 2012-03-31 16:05    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-20 23:09 . 2012-03-10 18:58    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-12 15:57 . 2012-03-08 23:34    88567024    ----a-w-    c:\windows\system32\MRT.exe
2014-02-08 18:34 . 2013-02-02 07:53    18257576    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2012-05-22 20:54    947296    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-02-08 18:34 . 2010-04-17 03:00    14669032    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-02-08 18:34 . 2010-04-17 03:00    3090184    ----a-w-    c:\windows\system32\nvapi64.dll
2014-02-08 17:42 . 2009-07-29 17:21    6712608    ----a-w-    c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2009-07-29 17:21    3498272    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2009-07-29 17:21    923936    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2009-07-29 17:21    63776    ----a-w-    c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2009-07-29 17:21    386336    ----a-w-    c:\windows\system32\nvmctray.dll
2014-02-05 17:52 . 2012-12-25 17:28    3573739    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-02-05 09:31 . 2013-10-29 00:52    1048152    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2013-10-29 00:52    1179576    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-01-20 22:38 . 2014-01-20 22:38    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-20 22:38 . 2014-01-20 22:38    3156480    ----a-w-    c:\windows\system32\win32k.sys
2013-12-27 18:42 . 2013-07-31 05:44    35104    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2013-12-21 10:56 . 2013-12-21 10:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-21 10:56 . 2013-12-21 10:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-21 10:56 . 2013-12-21 10:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-19 20:33 . 2014-01-08 05:42    1884448    ----a-w-    c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-08 05:42    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433221.dll
2013-12-19 03:09 . 2014-01-20 22:10    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-09 22:15 . 2013-12-09 22:15    694376    ----a-w-    c:\windows\system32\drivers\RTL8192su.sys
2013-12-09 22:14 . 2013-12-09 22:14    349416    ----a-w-    c:\windows\system32\drivers\nvmf6264.sys
2013-12-09 22:14 . 2010-04-17 03:00    657512    ----a-w-    c:\windows\system32\nvunrm.exe
2013-12-09 22:14 . 2010-04-17 03:00    229480    ----a-w-    c:\windows\system32\nvconrm.dll
2013-12-09 22:14 . 2010-04-17 02:15    657512    ----a-w-    c:\windows\system32\nvuninst.exe
2013-12-09 22:14 . 2013-12-09 22:14    758272    ----a-w-    c:\windows\system32\cohelper.dll
2013-12-09 22:14 . 2010-04-17 03:00    953344    ----a-w-    c:\windows\system32\fdco2.dll
2013-12-09 22:09 . 2013-12-09 22:09    403560    ----a-w-    c:\windows\system32\nvraiins.dll
2013-12-09 22:09 . 2013-12-09 22:09    403560    ----a-w-    c:\windows\system32\nvraidco.dll
2013-12-09 22:09 . 2013-12-09 22:09    244328    ----a-w-    c:\windows\system32\drivers\nvstor64.sys
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoPtb.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoIt.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoFr.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoEsm.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoEs.dll
2013-12-09 22:09 . 2013-12-09 22:09    19048    ----a-w-    c:\windows\system32\NvRCoDe.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoSv.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoRu.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoNo.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoNl.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoFi.dll
2013-12-09 22:09 . 2013-12-09 22:09    18536    ----a-w-    c:\windows\system32\NvRCoDa.dll
2013-12-09 22:09 . 2013-12-09 22:09    18024    ----a-w-    c:\windows\system32\NvRCoENU.dll
2013-12-09 22:09 . 2013-12-09 22:09    18024    ----a-w-    c:\windows\system32\NvRCoEng.dll
2013-12-09 22:09 . 2013-12-09 22:09    16488    ----a-w-    c:\windows\system32\NvRCoKo.dll
2013-12-09 22:09 . 2013-12-09 22:09    16488    ----a-w-    c:\windows\system32\NvRCoJa.dll
2013-12-09 22:09 . 2013-12-09 22:09    15976    ----a-w-    c:\windows\system32\NvRCoZht.dll
2013-12-09 22:09 . 2013-12-09 22:09    15976    ----a-w-    c:\windows\system32\NvRCoZhc.dll
2013-12-09 22:04 . 2013-12-09 22:04    211184    ----a-w-    c:\windows\system32\SRSTSH64.dll
2013-12-09 22:04 . 2013-12-09 22:04    198896    ----a-w-    c:\windows\system32\SRSHP64.dll
2013-12-09 22:04 . 2013-12-09 22:04    1662024    ----a-w-    c:\windows\system32\RTSnMg64.cpl
2013-12-09 22:04 . 2013-12-09 22:04    2810072    ----a-w-    c:\windows\system32\RtPgEx64.dll
2013-12-09 22:04 . 2013-12-09 22:04    331880    ----a-w-    c:\windows\system32\RtlCPAPI64.dll
2013-12-09 22:04 . 2013-12-09 22:04    3707864    ----a-w-    c:\windows\system32\drivers\RTKVHD64.sys
2013-12-09 22:04 . 2013-12-09 22:04    149608    ----a-w-    c:\windows\system32\RtkCfg64.dll
2013-12-09 22:04 . 2013-12-09 22:04    14952    ----a-w-    c:\windows\system32\RtkCoLDR64.dll
2013-12-09 22:04 . 2013-12-09 22:04    2587864    ----a-w-    c:\windows\system32\RtkAPO64.dll
2013-12-09 22:04 . 2013-12-09 22:04    1021656    ----a-w-    c:\windows\system32\RtkApi64.dll
2013-12-09 22:04 . 2013-12-09 22:04    375128    ----a-w-    c:\windows\system32\RTEEP64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    78680    ----a-w-    c:\windows\system32\RTEEG64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    204120    ----a-w-    c:\windows\system32\RTEED64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    101208    ----a-w-    c:\windows\system32\RTEEL64A.dll
2013-12-09 22:04 . 2013-12-09 22:04    617176    ----a-w-    c:\windows\system32\RtDataProc64.dll
2013-12-09 22:04 . 2013-12-09 22:04    1286360    ----a-w-    c:\windows\system32\RTCOM64.dll
2013-12-09 22:04 . 2013-12-09 22:04    310104    ----a-w-    c:\windows\system32\RP3DHT64.dll
2013-12-09 22:04 . 2013-12-09 22:04    310104    ----a-w-    c:\windows\system32\RP3DAA64.dll
2013-12-09 22:04 . 2013-12-09 22:04    38385664    ----a-w-    c:\windows\system32\RCoRes64.dat
2013-12-09 22:04 . 2013-12-09 22:04    153304    ----a-w-    c:\windows\system32\RCoInstII64.dll
2013-12-09 22:03 . 2013-12-09 22:03    2743328    ----a-w-    c:\windows\system32\FMAPO64.dll
2013-12-09 22:03 . 2013-12-09 22:03    113576    ----a-w-    c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-09 22:03 . 2013-12-09 22:03    209096    ----a-w-    c:\windows\system32\AERTAC64.dll
2013-12-09 22:03 . 2013-12-09 22:03    108640    ----a-w-    c:\windows\system32\AERTAR64.dll
2013-11-28 13:38 . 2014-01-08 05:42    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-11-28 13:38 . 2014-01-08 05:42    197408    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-11-27 01:41 . 2014-01-20 23:22    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-20 23:22    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-20 23:22    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-20 23:22    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-20 23:22    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-20 23:22    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-20 23:22    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-02-05 23:09    3401752    ----a-w-    c:\program files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll" [2014-02-05 3401752]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-22 1821888]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-02-05 2535448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"Adobe Version Cue CS2"="c:\progra~2\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-09-11 450560]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-04 3813712]
.
c:\users\Shade the Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-3-9 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Shade the Wolf\Documents\EEK\Run\a2ddax64.sys;c:\users\Shade the Wolf\Documents\EEK\Run\a2ddax64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
S3 ALSysIO;ALSysIO;c:\users\SHADET~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\SHADET~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Shade the Wolf\AppData\Local\Temp\tmp5050.tmp;c:\users\Shade the Wolf\AppData\Local\Temp\tmp5050.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:09]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 03:14]
.
2014-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 03:14]
.
2014-02-25 c:\windows\Tasks\HPCeeScheduleForShade the Wolf.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2014-02-13 c:\windows\Tasks\HPCeeScheduleForSHADETHEWOLF-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: spoonyexperiment.com
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
FF - ProfilePath - c:\users\Shade the Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\83r87lyg.default-1387940382306\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-FTdownloader V9.0 - c:\program files (x86)\FTdownloader V9.0\Uninstall.exe
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Shade the Wolf\AppData\Local\Temp\tmp5050.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-24  19:29:56
ComboFix-quarantined-files.txt  2014-02-25 01:29
ComboFix2.txt  2014-02-18 19:20
ComboFix3.txt  2014-02-18 00:45
.
Pre-Run: 160,262,234,112 bytes free
Post-Run: 159,967,805,440 bytes free
.
- - End Of File - - 2E34B1C944BFC5AE3EC4DDD703A07437
F2F2160DE70CFDC52A6E5FC26D7D306E
What do you mean by my thread? Do you mean this one, or the one I originally posted in the "Am I Infected?" sub-forum?



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:12 PM

Posted 25 February 2014 - 05:39 AM

I mean this one!


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 Shade the Wolf

Shade the Wolf
  • Topic Starter

  • Members
  • 130 posts
  • ONLINE
  • Gender:Male
  • Location:By my computer
  • Local time:02:12 PM

Posted 25 February 2014 - 02:42 PM

Ah okay. It's just that you worded it weirdly. Oh well. Here's the log:

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Utilities 2013   
 TuneUp Utilities Language Pack (en-US)
 TuneUp Utilities 2013   
 JavaFX 2.1.1    
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````