Google "webhp" Redirect? Possible Hijack?


  • This topic is locked
20 replies to this topic

#1 TornadoTK

TornadoTK

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:08 AM

Posted 15 March 2014 - 07:30 PM

Unsure of a possible browser hijack, but posting to be sure: Going to Google works fine, but if I click on the Google logo (as opposed to clicking Back or going to www.google.com), I get an extended URL and search string. "google.com/webhp?tab=ww&ei=XsMkU5baBOiUjAKa7YG4BQ&ved=0CBoQ1S4"

 

Here are pictures with notes better describing the situation: http://imgur.com/a/sf8uz

 

Can't find any link to anything Conduit related (which seemed to be the common issue everyone with similar symptoms had). Checked hosts file, internet settings, and did MBAM, ADWCleaner, and TFC scans. Here is the previous thread: http://www.bleepingcomputer.com/forums/t/527484/google-webhp-redirect-possible-hijack

 

Running Windows 7 SP1 x64 with Avast Free.

 

And then finally, the DDS logs:

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by TornadoTK at 17:17:40 on 2014-03-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16349.13458 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\TornadoTK\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Users\TornadoTK\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [AdobeBridge] <no file>
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1BD07741-F1EC-443B-A98B-14695A008ED0} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TornadoTK\AppData\Roaming\Mozilla\Firefox\Profiles\wk7ddi9f.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\TornadoTK\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\TornadoTK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\TornadoTK\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\TornadoTK\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-23 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-23 207904]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-18 20464]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-23 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-23 421704]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-23 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-8 50344]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-7-30 204552]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-9 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-5 16939296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-2-18 411936]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-23 80184]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-18 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-18 795632]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-14 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2014-2-14 24824]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam C160(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-9 1255736]
.
=============== Created Last 30 ================
.
2014-03-15 20:14:53    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27DB8300-302A-477E-A953-65CE3A225EA6}\offreg.dll
2014-03-15 11:34:24    10536864    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27DB8300-302A-477E-A953-65CE3A225EA6}\mpengine.dll
2014-03-14 17:29:33    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-14 17:29:33    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 17:17:16    --------    d-----w-    C:\AdwCleaner
2014-03-14 04:38:15    --------    d-----w-    C:\Users\TornadoTK\AppData\Roaming\Malwarebytes
2014-03-14 04:38:09    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-03-13 00:38:58    --------    d-----w-    C:\Users\TornadoTK\AppData\Roaming\Rogue Legacy
2014-03-06 05:35:21    --------    d-----w-    C:\Users\TornadoTK\AppData\Local\SplitMediaLabs
2014-03-06 05:29:50    --------    d-----w-    C:\ProgramData\SplitMediaLabs
2014-03-06 05:28:13    --------    d-----w-    C:\Users\TornadoTK\AppData\Roaming\SplitMediaLabs
2014-02-28 20:02:49    --------    d-----w-    C:\Users\TornadoTK\AppData\Roaming\Awesomium
2014-02-28 19:33:58    --------    d-----w-    C:\ProgramData\Elder Scrolls Online
2014-02-27 03:22:42    --------    d-----w-    C:\Users\TornadoTK\AppData\Roaming\Arrowhead
2014-02-26 11:29:00    --------    d-----w-    C:\Windows\Migration
2014-02-25 23:08:06    --------    d-----w-    C:\Users\TornadoTK\AppData\Local\Blizzard
2014-02-25 23:00:53    --------    d-----w-    C:\Users\TornadoTK\AppData\Local\Blizzard Entertainment
2014-02-25 23:00:47    --------    d-----w-    C:\Users\TornadoTK\AppData\Roaming\Battle.net
2014-02-25 23:00:47    --------    d-----w-    C:\Users\TornadoTK\AppData\Local\Battle.net
2014-02-25 23:00:42    --------    d-----w-    C:\ProgramData\Blizzard Entertainment
2014-02-25 23:00:42    --------    d-----w-    C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-02-25 22:58:57    --------    d-----w-    C:\ProgramData\Battle.net
2014-02-19 22:59:47    --------    d-----w-    C:\Users\TornadoTK\AppData\Local\Diagnostics
2014-02-19 22:55:27    --------    d-----w-    C:\ProgramData\regid.1986-12.com.adobe
2014-02-19 04:02:01    --------    d-----w-    C:\Program Files\Microsoft Xbox 360 Accessories
2014-02-18 20:48:30    599840    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-02-15 06:46:05    93808    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-02-14 18:02:28    24824    ----a-w-    C:\Windows\System32\drivers\IOMap64.sys
2014-02-14 17:49:09    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2014-02-14 17:49:09    33056    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
.
==================== Find3M  ====================
.
2014-03-12 01:36:05    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 01:36:05    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-08 19:49:34    80184    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-02-08 19:49:33    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-08 19:49:33    43152    ----a-w-    C:\Windows\avastSS.scr
2014-02-08 19:49:33    1038072    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-02-08 17:42:36    6712608    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-02-08 17:42:36    3498272    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-02-08 17:42:33    923936    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-02-08 17:42:32    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2014-02-08 17:42:32    386336    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-05 17:52:50    3573739    ----a-w-    C:\Windows\System32\nvcoproc.bin
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-24 02:18:39    92544    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-01-24 02:18:39    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-01-24 02:18:39    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-01-21 02:53:40    1048152    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-01-21 02:53:29    1179576    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-01-09 07:59:56    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-08 17:41:26    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-12-27 18:42:16    35104    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-12-19 20:33:31    1884448    ----a-w-    C:\Windows\System32\nvdispco6433221.dll
2013-12-19 20:33:31    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433221.dll
2013-12-19 05:09:39    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 14:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 17:17:48.50 ===============
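The DDS log above is what the helpers read to judge whether autostart entries, DNS settings or the browser configuration have been tampered with. As an added example (not code from the thread, from DDS or from any tool mentioned here), the Python script below parses the kinds of lines in the "Pseudo HJT Report" and "FIREFOX" sections that a browser hijack usually shows up in, and states why a line merits a second look: a dangling `<no file>`/`<orphaned>` entry, a Run key launching from a user-writable folder, a DNS resolver outside private ranges, or a Firefox proxy setting. The first sample is an abridged copy of the posted log; the second is constructed so that each check fires. The folder heuristic, the "reason" strings and the `Finding` type are this example's own assumptions, not DDS conventions, and a finding is a prompt for review rather than a verdict: every line flagged in the thread's own log is a harmless leftover.

```python
"""Triage helper for the autostart / network lines of a DDS "Pseudo HJT Report".

Added example for this thread; it is not part of DDS, ComboFix or any other
tool mentioned in the thread.  It reads a pasted DDS log, looks only at the
lines a hijack usually shows up in (Run keys, NameServer, browser proxy,
dangling entries) and says *why* a line deserves a second look.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed, abridged excerpt in the shape of the DDS log posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
uRun: [Google Update] "C:\Users\TornadoTK\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
TCP: NameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - prefs.js: network.proxy.type - 0
"""

# Constructed lines (NOT from the thread), written so that each check fires.
SAMPLE_SUSPECT = r"""
TCP: NameServer = 8.8.8.8
FF - prefs.js: network.proxy.type - 1
uRun: [Updater] "C:\Users\Public\updater.exe" /silent
"""

RUN_RE = re.compile(r'^(?P<key>uRun|mRun|dRun|x64-Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
NS_RE = re.compile(r'NameServer = (?P<ips>[\d., ]+)$')
FF_PROXY_RE = re.compile(r'^FF - prefs\.js: network\.proxy\.type - (?P<n>\d+)$')

# Folders an unprivileged user can write to (assumed list).  An autostart
# pointing here proves nothing (updaters live there too) but is worth a look.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\')

DANGLING = 'dangling entry: target missing or orphaned'


@dataclass
class Finding:
    line: str    # the DDS line that was flagged
    reason: str  # why it merits review


def exe_path(cmd: str) -> str:
    """Best-effort executable path from a Run value (quoted, or first *.exe token)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(?i)(.*?\.exe)', cmd)
    return m.group(1) if m else cmd.split(' ')[0]


def analyse_line(line: str) -> list:
    """Reasons this single DDS line merits a second look (empty list = nothing noted)."""
    reasons = []
    if '<no file>' in line or '<orphaned>' in line:
        reasons.append(DANGLING)
    m = RUN_RE.match(line)
    if m:
        path = exe_path(m.group('cmd')).lower()
        if any(tag in path for tag in USER_WRITABLE):
            reasons.append('autostart launched from a user-writable folder')
    m = NS_RE.search(line)
    if m:
        for ip in re.split(r'[ ,]+', m.group('ips').strip()):
            if not ip:
                continue
            try:
                # The router-assigned 192.168.x.x resolver is expected; a
                # globally routable one was set by something else.
                if ipaddress.ip_address(ip).is_global:
                    reasons.append(f'resolver {ip} is outside private ranges')
            except ValueError:
                reasons.append(f'unparseable NameServer value {ip!r}')
    m = FF_PROXY_RE.match(line)
    if m and m.group('n') != '0':
        reasons.append(f'Firefox proxy type {m.group("n")} set (0 = none)')
    return reasons


def triage(dds_text: str) -> list:
    """Run analyse_line over every line of a pasted DDS log and collect the findings."""
    return [Finding(line.strip(), reason)
            for line in dds_text.splitlines()
            for reason in analyse_line(line.strip())]


if __name__ == '__main__':
    for sample in (SAMPLE_DDS, SAMPLE_SUSPECT):
        for f in triage(sample):
            print(f'{f.reason:45s} <- {f.line}')
        print('-' * 60)
```

Run it on a pasted log and the thread's own excerpt yields four findings (one user-writable autostart, three dangling entries), none of which is a hijack indicator on its own; the constructed sample shows the resolver and proxy checks firing, which is what a settings-level redirect would look like in a DDS log.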
 


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:08 AM

Posted 15 March 2014 - 07:43 PM


Hello TornadoTK

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 TornadoTK

TornadoTK
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:08 AM

Posted 16 March 2014 - 03:08 AM

Problem persists, here are the logs:

 

 

 

# AdwCleaner v3.022 - Report created 16/03/2014 at 00:48:00
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : TornadoTK - MAINTK2014
# Running from : C:\Users\TornadoTK\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\TornadoTK\AppData\Roaming\Mozilla\Firefox\Profiles\wk7ddi9f.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [837 octets] - [14/03/2014 10:17:48]
AdwCleaner[R1].txt - [907 octets] - [16/03/2014 00:47:38]
AdwCleaner[S0].txt - [901 octets] - [14/03/2014 10:24:15]
AdwCleaner[S1].txt - [829 octets] - [16/03/2014 00:48:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [888 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by TornadoTK on Sun 03/16/2014 at  0:50:18.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\TornadoTK\AppData\Roaming\mozilla\firefox\profiles\wk7ddi9f.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/16/2014 at  0:53:23.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:08 AM

Posted 16 March 2014 - 07:17 AM


Hello TornadoTK

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 TornadoTK

TornadoTK
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:08 AM

Posted 16 March 2014 - 03:28 PM

Problem still there, nothing seems affected aside from the Google link I referenced earlier. Here are the ComboFix logs:

 

 

 

ComboFix 14-03-13.01 - TornadoTK 03/16/2014  13:21:15.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16349.14657 [GMT -7:00]
Running from: c:\users\TornadoTK\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-16 to 2014-03-16  )))))))))))))))))))))))))))))))
.
.
2014-03-16 20:23 . 2014-03-16 20:23    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-16 07:50 . 2014-03-16 07:50    --------    d-----w-    c:\windows\ERUNT
2014-03-15 11:34 . 2014-02-06 09:01    10536864    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{27DB8300-302A-477E-A953-65CE3A225EA6}\mpengine.dll
2014-03-14 17:29 . 2014-03-14 17:29    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-14 17:29 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-14 17:17 . 2014-03-16 07:48    --------    d-----w-    C:\AdwCleaner
2014-03-14 04:38 . 2014-03-14 04:38    --------    d-----w-    c:\users\TornadoTK\AppData\Roaming\Malwarebytes
2014-03-14 04:38 . 2014-03-14 04:38    --------    d-----w-    c:\programdata\Malwarebytes
2014-03-13 00:38 . 2014-03-13 00:38    --------    d-----w-    c:\users\TornadoTK\AppData\Roaming\Rogue Legacy
2014-03-12 00:12 . 2014-03-12 00:12    --------    d-----w-    c:\program files (x86)\Common Files\logishrd
2014-03-12 00:11 . 2014-03-12 00:12    --------    d-----w-    c:\program files\Common Files\logishrd
2014-03-06 18:02 . 2014-03-06 18:02    --------    d-----w-    c:\windows\Sun
2014-03-06 05:35 . 2014-03-06 05:35    --------    d-----w-    c:\users\TornadoTK\AppData\Local\SplitMediaLabs
2014-03-06 05:29 . 2014-03-06 05:29    --------    d-----w-    c:\programdata\SplitMediaLabs
2014-03-06 05:28 . 2014-03-06 05:28    --------    d-----w-    c:\users\TornadoTK\AppData\Roaming\SplitMediaLabs
2014-02-28 20:02 . 2014-03-02 09:07    --------    d-----w-    c:\users\TornadoTK\AppData\Roaming\Awesomium
2014-02-28 19:33 . 2014-02-28 19:33    --------    d-----w-    c:\programdata\Elder Scrolls Online
2014-02-27 03:22 . 2014-02-27 03:22    --------    d-----w-    c:\users\TornadoTK\AppData\Roaming\Arrowhead
2014-02-26 11:29 . 2014-02-26 11:29    --------    d-----w-    c:\windows\Migration
2014-02-25 23:08 . 2014-02-25 23:08    --------    d-----w-    c:\users\TornadoTK\AppData\Local\Blizzard
2014-02-25 23:00 . 2014-02-25 23:00    --------    d-----w-    c:\users\TornadoTK\AppData\Local\Blizzard Entertainment
2014-02-25 23:00 . 2014-02-27 23:16    --------    d-----w-    c:\users\TornadoTK\AppData\Local\Battle.net
2014-02-25 23:00 . 2014-02-25 23:01    --------    d-----w-    c:\users\TornadoTK\AppData\Roaming\Battle.net
2014-02-25 23:00 . 2014-02-25 23:02    --------    d-----w-    c:\program files (x86)\Common Files\Blizzard Entertainment
2014-02-25 23:00 . 2014-02-25 23:00    --------    d-----w-    c:\programdata\Blizzard Entertainment
2014-02-25 22:58 . 2014-02-25 22:59    --------    d-----w-    c:\programdata\Battle.net
2014-02-19 22:59 . 2014-02-19 22:59    --------    d-----w-    c:\users\TornadoTK\AppData\Local\Diagnostics
2014-02-19 22:55 . 2014-02-19 22:55    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2014-02-19 22:55 . 2014-03-14 19:00    --------    d-----w-    c:\program files\Adobe
2014-02-19 22:53 . 2014-03-14 19:07    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2014-02-19 04:02 . 2014-02-19 04:02    --------    d-----w-    c:\program files\Microsoft Xbox 360 Accessories
2014-02-18 20:48 . 2014-02-18 20:48    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2014-02-18 20:48 . 2014-02-08 16:18    599840    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 01:36 . 2014-01-08 01:33    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 01:36 . 2014-01-08 01:33    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-16 14:40 . 2014-01-09 17:12    88567024    ----a-w-    c:\windows\system32\MRT.exe
2014-02-08 19:49 . 2014-01-24 02:18    80184    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-02-08 19:49 . 2014-01-24 02:18    78648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-02-08 19:49 . 2014-01-24 02:18    43152    ----a-w-    c:\windows\avastSS.scr
2014-02-08 19:49 . 2014-01-24 02:18    421704    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-02-08 19:49 . 2014-01-24 02:18    334136    ----a-w-    c:\windows\system32\aswBoot.exe
2014-02-08 19:49 . 2014-01-24 02:18    1038072    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-02-08 18:34 . 2014-01-09 19:35    15740232    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-02-08 18:34 . 2014-01-07 17:12    31432480    ----a-w-    c:\windows\system32\nvoglv64.dll
2014-02-08 18:34 . 2014-01-06 04:07    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2014-02-08 18:34 . 2014-01-06 04:07    53024    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-02-08 18:34 . 2014-01-06 04:06    947296    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-02-08 18:34 . 2014-01-06 04:06    3090184    ----a-w-    c:\windows\system32\nvapi64.dll
2014-02-08 18:34 . 2014-01-06 04:06    2713728    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-02-08 18:34 . 2014-01-06 04:06    18257576    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2014-01-06 04:06    14669032    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-02-08 17:42 . 2014-01-06 04:07    6712608    ----a-w-    c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2014-01-06 04:07    3498272    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2014-01-06 04:07    923936    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2014-01-06 04:07    63776    ----a-w-    c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2014-01-06 04:07    386336    ----a-w-    c:\windows\system32\nvmctray.dll
2014-02-05 17:52 . 2014-01-06 04:07    3573739    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-01-24 02:18 . 2014-01-24 02:18    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-01-24 02:18 . 2014-01-24 02:18    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-01-24 02:18 . 2014-01-24 02:18    207904    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-21 02:53 . 2014-01-09 19:32    1048152    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-01-21 02:53 . 2014-01-09 19:32    1179576    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-01-10 07:12 . 2014-01-10 07:12    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-01-10 07:12 . 2014-01-10 07:12    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-01-10 07:12 . 2014-01-10 07:12    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-01-10 07:12 . 2014-01-10 07:12    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-01-10 07:12 . 2014-01-10 07:12    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-01-10 07:12 . 2014-01-10 07:12    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-01-10 07:12 . 2014-01-10 07:12    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-01-10 07:12 . 2014-01-10 07:12    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-01-10 07:12 . 2014-01-10 07:12    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-01-10 07:12 . 2014-01-10 07:12    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-01-10 07:12 . 2014-01-10 07:12    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-10 07:12 . 2014-01-10 07:12    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-10 07:12 . 2014-01-10 07:12    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-01-10 07:12 . 2014-01-10 07:12    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-01-10 07:12 . 2014-01-10 07:12    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-01-10 07:12 . 2014-01-10 07:12    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-01-10 07:12 . 2014-01-10 07:12    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-01-10 07:12 . 2014-01-10 07:12    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-01-10 07:12 . 2014-01-10 07:12    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-01-10 07:12 . 2014-01-10 07:12    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-01-10 07:12 . 2014-01-10 07:12    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-01-10 07:12 . 2014-01-10 07:12    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-01-10 07:12 . 2014-01-10 07:12    413696    ----a-w-    c:\windows\system32\html.iec
2014-01-10 07:12 . 2014-01-10 07:12    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-10 07:12 . 2014-01-10 07:12    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-01-10 07:12 . 2014-01-10 07:12    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-10 07:12 . 2014-01-10 07:12    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-01-10 07:12 . 2014-01-10 07:12    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-01-10 07:12 . 2014-01-10 07:12    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2014-01-10 07:12 . 2014-01-10 07:12    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-01-10 07:12 . 2014-01-10 07:12    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-01-10 07:12 . 2014-01-10 07:12    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-01-10 07:12 . 2014-01-10 07:12    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-01-10 07:12 . 2014-01-10 07:12    235520    ----a-w-    c:\windows\system32\url.dll
2014-01-10 07:12 . 2014-01-10 07:12    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-01-10 07:12 . 2014-01-10 07:12    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-01-10 07:12 . 2014-01-10 07:12    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-01-10 07:12 . 2014-01-10 07:12    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-01-10 07:12 . 2014-01-10 07:12    147968    ----a-w-    c:\windows\system32\occache.dll
2014-01-10 07:12 . 2014-01-10 07:12    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-01-10 07:12 . 2014-01-10 07:12    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-01-10 07:12 . 2014-01-10 07:12    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-01-10 07:12 . 2014-01-10 07:12    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-01-10 07:12 . 2014-01-10 07:12    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-01-10 07:12 . 2014-01-10 07:12    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-01-10 07:12 . 2014-01-10 07:12    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-01-10 07:12 . 2014-01-10 07:12    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-01-10 07:12 . 2014-01-10 07:12    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-01-10 07:12 . 2014-01-10 07:12    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-01-10 07:12 . 2014-01-10 07:12    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-01-10 07:12 . 2014-01-10 07:12    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-01-09 07:59 . 2014-01-09 07:59    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-01-09 07:59 . 2014-01-09 07:59    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2014-01-09 07:59 . 2014-01-09 07:59    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-01-09 07:59 . 2014-01-09 07:59    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2014-01-09 07:59 . 2014-01-09 07:59    363008    ----a-w-    c:\windows\system32\dxgi.dll
2014-01-09 07:59 . 2014-01-09 07:59    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-01-09 07:59 . 2014-01-09 07:59    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-09 07:59 . 2014-01-09 07:59    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\TornadoTK\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-17 1340496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-07-18 292088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-08 3767096]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-27 449168]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-21 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-08 01:36]
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-873495118-3906234496-3227357945-1000Core.job
- c:\users\TornadoTK\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-13 05:59]
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-873495118-3906234496-3227357945-1000UA.job
- c:\users\TornadoTK\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-13 05:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-08 19:49    287280    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-09-13 13653208]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-08-31 1321688]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\TornadoTK\AppData\Roaming\Mozilla\Firefox\Profiles\wk7ddi9f.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-16  13:25:06
ComboFix-quarantined-files.txt  2014-03-16 20:25
.
Pre-Run: 58,018,123,776 bytes free
Post-Run: 57,628,569,600 bytes free
.
- - End Of File - - 82A58BC78162F18B65134DBEE08A58FC
5FB38429D5D77768867C76DCBDB35194

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:08 AM

Posted 16 March 2014 - 04:26 PM


Hello TornadoTK



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 TornadoTK

TornadoTK
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:08 AM

Posted 16 March 2014 - 09:15 PM

Problem still persists as before. Here are FRST.txt and Addition.txt logs, respectively:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by TornadoTK (administrator) on MAINTK2014 on 16-03-2014 19:13:56
Running from C:\Users\TornadoTK\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(BitTorrent Inc.) C:\Users\TornadoTK\AppData\Roaming\uTorrent\uTorrent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-08] (AVAST Software)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-873495118-3906234496-3227357945-1000\...\Run: [uTorrent] - C:\Users\TornadoTK\AppData\Roaming\uTorrent\uTorrent.exe [1340496 2014-01-17] (BitTorrent Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x92BBE1C2930ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\TornadoTK\AppData\Roaming\Mozilla\Firefox\Profiles\wk7ddi9f.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\TornadoTK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\TornadoTK\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\TornadoTK\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\TornadoTK\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\TornadoTK\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\TornadoTK\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TornadoTK\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\TornadoTK\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Adblock Plus - C:\Users\TornadoTK\AppData\Roaming\Mozilla\Firefox\Profiles\wk7ddi9f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-08]

==================== Services (Whitelisted) =================

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-08] (AVAST Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-08] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-23] ()
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-16 19:13 - 2014-03-16 19:13 - 02157056 _____ (Farbar) C:\Users\TornadoTK\Downloads\FRST64.exe
2014-03-16 19:13 - 2014-03-16 19:13 - 00010708 _____ () C:\Users\TornadoTK\Downloads\FRST.txt
2014-03-16 19:13 - 2014-03-16 19:13 - 00000000 ____D () C:\FRST
2014-03-16 13:25 - 2014-03-16 13:25 - 00025535 _____ () C:\ComboFix.txt
2014-03-16 13:20 - 2014-03-16 13:25 - 00000000 ____D () C:\Qoobox
2014-03-16 13:20 - 2014-03-16 13:24 - 00000000 ____D () C:\Windows\erdnt
2014-03-16 13:20 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-16 13:20 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-16 13:20 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-16 13:20 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-16 13:20 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-16 13:20 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-16 13:20 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-16 13:20 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-16 00:53 - 2014-03-16 00:53 - 00000773 _____ () C:\Users\TornadoTK\Desktop\JRT.txt
2014-03-16 00:50 - 2014-03-16 00:50 - 00000000 ____D () C:\Windows\ERUNT
2014-03-16 00:49 - 2014-03-16 00:49 - 00000967 _____ () C:\Users\TornadoTK\Desktop\AdwCleaner[S1].txt
2014-03-16 00:45 - 2014-03-16 00:46 - 01037734 _____ (Thisisu) C:\Users\TornadoTK\Downloads\JRT.exe
2014-03-16 00:45 - 2014-03-16 00:45 - 01950720 _____ () C:\Users\TornadoTK\Downloads\AdwCleaner.exe
2014-03-15 17:17 - 2014-03-15 17:17 - 00017373 _____ () C:\Users\TornadoTK\Desktop\dds.txt
2014-03-15 17:17 - 2014-03-15 17:17 - 00006553 _____ () C:\Users\TornadoTK\Desktop\attach.txt
2014-03-15 17:16 - 2014-03-15 17:16 - 00688992 ____R (Swearware) C:\Users\TornadoTK\Downloads\dds.com
2014-03-14 10:29 - 2014-03-14 10:29 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 10:29 - 2014-03-14 10:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 10:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-14 10:23 - 2014-03-14 10:23 - 00014075 _____ () C:\Users\TornadoTK\Desktop\bookmarks-2014-03-14.json
2014-03-14 10:17 - 2014-03-16 00:48 - 00000000 ____D () C:\AdwCleaner
2014-03-13 21:38 - 2014-03-13 21:38 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Malwarebytes
2014-03-13 21:38 - 2014-03-13 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 17:38 - 2014-03-12 17:38 - 00000000 ____D () C:\Users\TornadoTK\Documents\SavedGames
2014-03-12 17:38 - 2014-03-12 17:38 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Rogue Legacy
2014-03-12 02:14 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 02:14 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 02:14 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 02:14 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 02:14 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 02:14 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 02:14 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 02:14 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 02:14 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 02:14 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 02:14 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 02:14 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 02:14 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 02:14 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 02:14 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 02:14 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 02:14 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 02:14 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 02:14 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 02:14 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 02:14 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 02:14 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 02:14 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 02:14 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 02:14 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 02:14 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 02:14 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 02:14 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 02:14 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 02:14 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 02:14 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 02:14 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 02:14 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 02:14 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 02:14 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 02:14 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 02:14 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 02:14 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 02:14 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 02:14 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 02:14 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 02:14 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 02:14 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 02:14 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 02:14 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 02:14 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 02:14 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 02:14 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 17:12 - 2014-03-11 17:12 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-03-11 17:11 - 2014-03-11 17:12 - 00008403 _____ () C:\Windows\system32\lvcoinst.log
2014-03-11 17:11 - 2014-03-11 17:12 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-03-06 11:18 - 2014-03-06 11:18 - 00000000 ____D () C:\Users\TornadoTK\Documents\XSplit
2014-03-06 11:02 - 2014-03-06 11:02 - 00000000 ____D () C:\Windows\Sun
2014-03-06 03:07 - 2014-03-06 11:19 - 00001456 _____ () C:\Users\TornadoTK\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-06 03:06 - 2014-03-06 11:19 - 00000000 ____D () C:\Users\TornadoTK\Documents\Photoshop
2014-03-05 22:35 - 2014-03-05 22:35 - 00000000 ____D () C:\Users\TornadoTK\AppData\Local\SplitMediaLabs
2014-03-05 22:29 - 2014-03-05 22:29 - 00000866 _____ () C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2014-03-05 22:29 - 2014-03-05 22:29 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-03-05 22:28 - 2014-03-05 22:28 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\SplitMediaLabs
2014-03-05 17:20 - 2014-03-05 17:21 - 00000906 _____ () C:\Users\TornadoTK\Desktop\Tetris - The Grand Master 3.lnk
2014-02-28 13:57 - 2014-02-28 13:57 - 00000007 _____ () C:\Users\TornadoTK\Documents\MLess.txt
2014-02-28 13:02 - 2014-03-02 02:07 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Awesomium
2014-02-28 12:33 - 2014-02-28 12:33 - 00000000 ____D () C:\Users\TornadoTK\Documents\Elder Scrolls Online
2014-02-28 12:33 - 2014-02-28 12:33 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-02-26 21:48 - 2014-02-26 21:48 - 00370123 _____ () C:\Users\TornadoTK\Desktop\beatmania IIDX tricoro.ai
2014-02-26 21:46 - 2014-02-26 21:46 - 00418606 _____ () C:\Users\TornadoTK\Desktop\pop'n music Sunny Park.ai
2014-02-26 20:22 - 2014-02-26 20:22 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Arrowhead
2014-02-25 16:08 - 2014-02-25 16:08 - 00000000 ____D () C:\Users\TornadoTK\AppData\Local\Blizzard
2014-02-25 16:00 - 2014-02-27 16:16 - 00000000 ____D () C:\Users\TornadoTK\AppData\Local\Battle.net
2014-02-25 16:00 - 2014-02-25 16:01 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Battle.net
2014-02-25 16:00 - 2014-02-25 16:00 - 00000837 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-02-25 16:00 - 2014-02-25 16:00 - 00000000 ____D () C:\Users\TornadoTK\AppData\Local\Blizzard Entertainment
2014-02-25 16:00 - 2014-02-25 16:00 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-02-25 15:58 - 2014-02-25 15:59 - 00000000 ____D () C:\ProgramData\Battle.net
2014-02-24 18:41 - 2014-02-24 18:42 - 999010993 _____ () C:\Users\TornadoTK\Downloads\Heroes3HD.rar
2014-02-24 18:36 - 2014-02-24 18:36 - 00000826 _____ () C:\Users\Public\Desktop\HoMM3 HD.lnk
2014-02-20 22:57 - 2014-02-20 22:57 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-19 15:55 - 2014-03-14 12:00 - 00000000 ____D () C:\Program Files\Adobe
2014-02-19 15:55 - 2014-02-19 15:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-19 15:54 - 2014-03-14 12:00 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-19 15:53 - 2014-03-14 12:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-19 01:41 - 2014-02-19 01:41 - 00000000 ____D () C:\Users\TornadoTK\Documents\Gunz2
2014-02-18 21:02 - 2014-02-18 21:02 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-02-18 13:48 - 2014-02-18 13:48 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-18 13:48 - 2014-02-08 09:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-18 13:47 - 2014-02-08 11:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-18 13:47 - 2014-02-08 11:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-02-18 13:47 - 2014-02-08 11:34 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-02-14 23:46 - 2014-02-14 23:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 11:02 - 2013-07-02 17:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2014-02-14 10:49 - 2013-12-27 11:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-02-14 10:49 - 2013-12-27 11:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-02-14 03:03 - 2014-03-15 15:10 - 00000357 _____ () C:\Users\TornadoTK\Documents\bemanirandom.txt

==================== One Month Modified Files and Folders =======

2014-03-16 19:13 - 2014-03-16 19:13 - 02157056 _____ (Farbar) C:\Users\TornadoTK\Downloads\FRST64.exe
2014-03-16 19:13 - 2014-03-16 19:13 - 00010708 _____ () C:\Users\TornadoTK\Downloads\FRST.txt
2014-03-16 19:13 - 2014-03-16 19:13 - 00000000 ____D () C:\FRST
2014-03-16 19:13 - 2014-01-05 22:47 - 01547719 _____ () C:\Windows\WindowsUpdate.log
2014-03-16 19:12 - 2014-01-17 12:36 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\uTorrent
2014-03-16 18:36 - 2014-01-07 18:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-16 18:17 - 2014-01-12 22:59 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-873495118-3906234496-3227357945-1000UA.job
2014-03-16 13:37 - 2009-07-13 21:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 13:37 - 2009-07-13 21:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 13:36 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 13:30 - 2014-01-05 21:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-16 13:30 - 2010-11-20 20:47 - 00175772 _____ () C:\Windows\PFRO.log
2014-03-16 13:30 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 13:30 - 2009-07-13 21:51 - 00053450 _____ () C:\Windows\setupact.log
2014-03-16 13:25 - 2014-03-16 13:25 - 00025535 _____ () C:\ComboFix.txt
2014-03-16 13:25 - 2014-03-16 13:20 - 00000000 ____D () C:\Qoobox
2014-03-16 13:24 - 2014-03-16 13:20 - 00000000 ____D () C:\Windows\erdnt
2014-03-16 13:23 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-16 00:53 - 2014-03-16 00:53 - 00000773 _____ () C:\Users\TornadoTK\Desktop\JRT.txt
2014-03-16 00:50 - 2014-03-16 00:50 - 00000000 ____D () C:\Windows\ERUNT
2014-03-16 00:49 - 2014-03-16 00:49 - 00000967 _____ () C:\Users\TornadoTK\Desktop\AdwCleaner[S1].txt
2014-03-16 00:48 - 2014-03-14 10:17 - 00000000 ____D () C:\AdwCleaner
2014-03-16 00:46 - 2014-03-16 00:45 - 01037734 _____ (Thisisu) C:\Users\TornadoTK\Downloads\JRT.exe
2014-03-16 00:45 - 2014-03-16 00:45 - 01950720 _____ () C:\Users\TornadoTK\Downloads\AdwCleaner.exe
2014-03-16 00:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-16 00:17 - 2014-01-23 19:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-16 00:17 - 2014-01-12 22:59 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-873495118-3906234496-3227357945-1000Core.job
2014-03-15 17:22 - 2014-01-07 19:12 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Skype
2014-03-15 17:17 - 2014-03-15 17:17 - 00017373 _____ () C:\Users\TornadoTK\Desktop\dds.txt
2014-03-15 17:17 - 2014-03-15 17:17 - 00006553 _____ () C:\Users\TornadoTK\Desktop\attach.txt
2014-03-15 17:16 - 2014-03-15 17:16 - 00688992 ____R (Swearware) C:\Users\TornadoTK\Downloads\dds.com
2014-03-15 15:10 - 2014-02-14 03:03 - 00000357 _____ () C:\Users\TornadoTK\Documents\bemanirandom.txt
2014-03-15 03:38 - 2014-01-07 18:47 - 00000000 ____D () C:\Users\TornadoTK\AppData\Local\PMB Files
2014-03-15 03:38 - 2014-01-07 18:47 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-14 12:00 - 2014-02-19 15:55 - 00000000 ____D () C:\Program Files\Adobe
2014-03-14 12:00 - 2014-02-19 15:54 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-14 12:00 - 2014-02-19 15:53 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-14 10:29 - 2014-03-14 10:29 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 10:29 - 2014-03-14 10:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 10:23 - 2014-03-14 10:23 - 00014075 _____ () C:\Users\TornadoTK\Desktop\bookmarks-2014-03-14.json
2014-03-13 21:38 - 2014-03-13 21:38 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Malwarebytes
2014-03-13 21:38 - 2014-03-13 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 17:38 - 2014-03-12 17:38 - 00000000 ____D () C:\Users\TornadoTK\Documents\SavedGames
2014-03-12 17:38 - 2014-03-12 17:38 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Rogue Legacy
2014-03-12 17:27 - 2009-07-13 21:45 - 04908528 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 18:36 - 2014-01-07 18:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 18:36 - 2014-01-07 18:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 18:36 - 2014-01-07 18:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 17:12 - 2014-03-11 17:12 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-03-11 17:12 - 2014-03-11 17:11 - 00008403 _____ () C:\Windows\system32\lvcoinst.log
2014-03-11 17:12 - 2014-03-11 17:11 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-03-11 13:21 - 2014-01-05 21:13 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Mozilla
2014-03-10 13:25 - 2014-01-07 18:33 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Adobe
2014-03-10 13:25 - 2014-01-07 18:32 - 00000000 ____D () C:\Users\TornadoTK\AppData\Local\Adobe
2014-03-09 17:32 - 2014-01-12 12:39 - 00000000 ____D () C:\Users\TornadoTK\AppData\Local\Arma 3
2014-03-06 13:36 - 2014-01-26 20:35 - 00000000 ____D () C:\Users\TornadoTK\Documents\Word
2014-03-06 11:19 - 2014-03-06 03:07 - 00001456 _____ () C:\Users\TornadoTK\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-06 11:19 - 2014-03-06 03:06 - 00000000 ____D () C:\Users\TornadoTK\Documents\Photoshop
2014-03-06 11:18 - 2014-03-06 11:18 - 00000000 ____D () C:\Users\TornadoTK\Documents\XSplit
2014-03-06 11:02 - 2014-03-06 11:02 - 00000000 ____D () C:\Windows\Sun
2014-03-05 22:35 - 2014-03-05 22:35 - 00000000 ____D () C:\Users\TornadoTK\AppData\Local\SplitMediaLabs
2014-03-05 22:29 - 2014-03-05 22:29 - 00000866 _____ () C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2014-03-05 22:29 - 2014-03-05 22:29 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-03-05 22:28 - 2014-03-05 22:28 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\SplitMediaLabs
2014-03-05 17:21 - 2014-03-05 17:20 - 00000906 _____ () C:\Users\TornadoTK\Desktop\Tetris - The Grand Master 3.lnk
2014-03-02 02:07 - 2014-02-28 13:02 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Awesomium
2014-02-28 23:05 - 2014-03-12 02:14 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 22:17 - 2014-03-12 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 22:16 - 2014-03-12 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 21:58 - 2014-03-12 02:14 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 21:52 - 2014-03-12 02:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 21:51 - 2014-03-12 02:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 21:42 - 2014-03-12 02:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 21:40 - 2014-03-12 02:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 21:37 - 2014-03-12 02:14 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 21:33 - 2014-03-12 02:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 21:33 - 2014-03-12 02:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 21:32 - 2014-03-12 02:14 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 21:30 - 2014-03-12 02:14 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 21:23 - 2014-03-12 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 21:17 - 2014-03-12 02:14 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 21:11 - 2014-03-12 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 21:02 - 2014-03-12 02:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 20:54 - 2014-03-12 02:14 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 20:52 - 2014-03-12 02:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 20:51 - 2014-03-12 02:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 20:47 - 2014-03-12 02:14 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 20:43 - 2014-03-12 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 20:43 - 2014-03-12 02:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 20:42 - 2014-03-12 02:14 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 20:40 - 2014-03-12 02:14 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 20:38 - 2014-03-12 02:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 20:37 - 2014-03-12 02:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 20:35 - 2014-03-12 02:14 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 20:18 - 2014-03-12 02:14 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 20:16 - 2014-03-12 02:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 20:14 - 2014-03-12 02:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 20:10 - 2014-03-12 02:14 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 20:03 - 2014-03-12 02:14 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 20:00 - 2014-03-12 02:14 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 19:57 - 2014-03-12 02:14 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 19:38 - 2014-03-12 02:14 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 19:32 - 2014-03-12 02:14 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 19:27 - 2014-03-12 02:14 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 19:25 - 2014-03-12 02:14 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 19:25 - 2014-03-12 02:14 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 19:25 - 2014-01-07 21:21 - 00000000 ____D () C:\Users\TornadoTK\Documents\my games
2014-02-28 13:57 - 2014-02-28 13:57 - 00000007 _____ () C:\Users\TornadoTK\Documents\MLess.txt
2014-02-28 12:33 - 2014-02-28 12:33 - 00000000 ____D () C:\Users\TornadoTK\Documents\Elder Scrolls Online
2014-02-28 12:33 - 2014-02-28 12:33 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-02-27 16:16 - 2014-02-25 16:00 - 00000000 ____D () C:\Users\TornadoTK\AppData\Local\Battle.net
2014-02-27 06:28 - 2014-01-05 21:07 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 21:48 - 2014-02-26 21:48 - 00370123 _____ () C:\Users\TornadoTK\Desktop\beatmania IIDX tricoro.ai
2014-02-26 21:46 - 2014-02-26 21:46 - 00418606 _____ () C:\Users\TornadoTK\Desktop\pop'n music Sunny Park.ai
2014-02-26 20:22 - 2014-02-26 20:22 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Arrowhead
2014-02-26 20:22 - 2014-01-08 13:09 - 00110260 _____ () C:\Windows\DirectX.log
2014-02-25 19:28 - 2014-01-22 15:36 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Audacity
2014-02-25 16:08 - 2014-02-25 16:08 - 00000000 ____D () C:\Users\TornadoTK\AppData\Local\Blizzard
2014-02-25 16:01 - 2014-02-25 16:00 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Battle.net
2014-02-25 16:00 - 2014-02-25 16:00 - 00000837 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-02-25 16:00 - 2014-02-25 16:00 - 00000000 ____D () C:\Users\TornadoTK\AppData\Local\Blizzard Entertainment
2014-02-25 16:00 - 2014-02-25 16:00 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-02-25 15:59 - 2014-02-25 15:58 - 00000000 ____D () C:\ProgramData\Battle.net
2014-02-24 18:42 - 2014-02-24 18:41 - 999010993 _____ () C:\Users\TornadoTK\Downloads\Heroes3HD.rar
2014-02-24 18:36 - 2014-02-24 18:36 - 00000826 _____ () C:\Users\Public\Desktop\HoMM3 HD.lnk
2014-02-20 22:57 - 2014-02-20 22:57 - 00000000 ____D () C:\Users\TornadoTK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-19 15:55 - 2014-02-19 15:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-19 15:55 - 2014-01-05 21:19 - 00062000 _____ () C:\Users\TornadoTK\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-19 01:41 - 2014-02-19 01:41 - 00000000 ____D () C:\Users\TornadoTK\Documents\Gunz2
2014-02-18 21:02 - 2014-02-18 21:02 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-02-18 13:48 - 2014-02-18 13:48 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-18 13:48 - 2014-01-05 21:07 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-16 13:00 - 2014-01-05 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 07:41 - 2014-01-09 10:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 07:40 - 2014-01-09 10:12 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 23:46 - 2014-02-14 23:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 10:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\LiveKernelReports

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 00:52

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by TornadoTK at 2014-03-16 19:14:06
Running from C:\Users\TornadoTK\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30446 - BitTorrent Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon MG5400 series User Registration (HKLM-x32\...\Canon MG5400 series User Registration) (Version:  - Canon Inc.)
Chroma Closed Alpha (HKLM-x32\...\Steam App 241850) (Version:  - Harmonix Music Systems, Inc)
Combined Community Codec Pack 2013-11-27 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.11.27.0 - CCCP Project)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Divekick (HKLM-x32\...\Steam App 244730) (Version:  - Iron Galaxy Studios)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{F8B67DF7-B543-3DE0-BCEF-F844F891FD48}) (Version: 5.1.7.17873 - Google)
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version:  - DrinkBox Studios)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
Intel® Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel)
Intel® Network Connections 18.7.28.0 (Version: 18.7.28.0 - Intel) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA Control Panel 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3489 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpaceChem (HKLM-x32\...\Steam App 92800) (Version:  - Zachtronics)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
StepMania v5.0 beta 2a (remove only) (HKLM-x32\...\StepMania 5) (Version:  - StepMania Team)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version:  - Arrowhead Game Studios)
Thief Gold (HKLM-x32\...\Steam App 211600) (Version:  - Looking Glass Studios)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{F8A47958-47CC-4B57-AE7D-7DDC0A86BEF5}) (Version: 1.3.1311.1201 - SplitMediaLabs)

==================== Restore Points  =========================

08-03-2014 01:15:53 Installed System Requirements Lab Detection
08-03-2014 01:16:55 Removed System Requirements Lab Detection
12-03-2014 02:41:20 Windows Update
12-03-2014 09:26:38 Windows Update
13-03-2014 00:38:50 Installed DirectX
15-03-2014 11:34:19 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {357699DB-53BB-4DCF-A597-EB5A33A52A65} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-08] (AVAST Software)
Task: {42BEFA53-CDA7-4C0D-97E3-C956C29A4B09} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {4C144F04-B79B-4985-9EFF-32089F3BB5AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-873495118-3906234496-3227357945-1000Core => C:\Users\TornadoTK\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {9C3E8607-8D17-456D-A9DD-B0D573B4D7FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6E663E4-354E-45EA-85EB-096F0F69C013} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-873495118-3906234496-3227357945-1000UA => C:\Users\TornadoTK\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-873495118-3906234496-3227357945-1000Core.job => C:\Users\TornadoTK\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-873495118-3906234496-3227357945-1000UA.job => C:\Users\TornadoTK\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-05 21:07 - 2014-02-08 10:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-01-09 12:32 - 2014-01-20 19:56 - 00093472 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-01-09 12:32 - 2014-01-20 19:56 - 00874784 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-03-16 13:31 - 2014-03-16 12:49 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031601\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-23 19:18 - 2014-01-23 19:18 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-07 20:45 - 2013-12-12 15:19 - 00142848 _____ () D:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-07 20:45 - 2013-11-04 18:12 - 00890592 _____ () D:\Program Files (x86)\Steam\libavutil-52.dll
2014-01-07 20:45 - 2014-02-10 19:34 - 00751616 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2014-01-07 20:45 - 2014-02-25 14:57 - 01135296 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-01-07 20:45 - 2014-01-10 16:33 - 20625832 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2014-01-07 20:45 - 2013-06-14 16:49 - 01100800 _____ () D:\Program Files (x86)\Steam\bin\avcodec-53.dll
2014-01-07 20:45 - 2013-06-14 16:49 - 00124416 _____ () D:\Program Files (x86)\Steam\bin\avutil-51.dll
2014-01-07 20:45 - 2013-06-14 16:49 - 00192000 _____ () D:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-02-14 23:46 - 2014-02-14 23:46 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-11 18:36 - 2014-03-11 18:36 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Intel® 82574L Gigabit Network Connection #2
Description: Intel® 82574L Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1qexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2014 01:32:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 01:30:43 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/16/2014 10:56:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 00:57:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/16/2014 01:23:42 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/16/2014 01:22:24 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/16/2014 01:21:15 PM) (Source: Service Control Manager) (User: )
Description: The ASGT service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 16349.33 MB
Available physical RAM: 13724.17 MB
Total Pagefile: 32696.84 MB
Available Pagefile: 29861.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.57 GB) (Free:53.73 GB) NTFS
Drive d: (Program Disk) (Fixed) (Total:1863.01 GB) (Free:1652.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 1065EDFC)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D95D03DB)

Partition: GPT Partition Type.

==================== End Of Log ============================
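
The FRST Addition scan above lists each scheduled task and loaded module with the publisher FRST read from the file's version information, printing an empty `()` where none was found. What a responder does with that listing is rank it: an unattributed binary under a user-writable path matters more than a vendor DLL without a company name in its own Program Files folder. The script below is an added example written for this page (not part of FRST and not posted by anyone in this thread); it parses the two line shapes that appear above and applies that ranking. The sample lines are copied from the log above except the last, which is constructed, and the flags and priorities are a heuristic I chose, not FRST's whitelisting. On these lines it raises C:\Windows\SysWOW64\ASGT.exe for a look because it carries no publisher and lives in a system directory; the Installed Programs list above includes ASUS GPU Tweak, a plausible owner, and confirming that (signature, hash, owning package) is exactly what a "medium" hit asks for.

```python
"""Triage helper for FRST 'Task:' and 'Loaded Modules' lines.

Added example, not part of FRST or of this thread. A hit is a prompt to
verify the file (Authenticode signature, hash lookup, owning package),
never a verdict on its own.
"""
from __future__ import annotations

import re
from typing import Optional

# "Task: {GUID} - System32\Tasks\Name => C:\path\file.exe [YYYY-MM-DD] (Publisher)"
# ".job" variants end at the path, with no date and no publisher field.
TASK_RE = re.compile(
    r"^Task: .*? => (?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|cmd|bat|vbs|js|ps1))"
    r"(?: \[\d{4}-\d{2}-\d{2}\])?(?: \((?P<pub>[^)]*)\))?\s*$",
    re.IGNORECASE,
)
# "YYYY-MM-DD HH:MM - YYYY-MM-DD HH:MM - SIZE FLAGS (Publisher) C:\path\file.dll"
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ "
    r"\((?P<pub>[^)]*)\) (?P<path>[A-Za-z]:\\.+?)\s*$"
)

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\")  # heuristic choice


def parse_line(line: str) -> Optional[tuple[str, Optional[str]]]:
    """Return (path, publisher) for a recognised line, else None.

    publisher is '' when FRST printed an empty '()' and None when the line
    shape has no publisher field at all (.job entries)."""
    m = TASK_RE.match(line) or MODULE_RE.match(line)
    if not m:
        return None
    return m.group("path"), m.group("pub")


def classify(path: str, pub: Optional[str]) -> list[str]:
    """Heuristic flags for one binary (my own rules, not FRST's)."""
    low = path.lower()
    no_pub = pub is not None and pub.strip() == ""
    flags: list[str] = []
    if no_pub:
        flags.append("NO_PUBLISHER")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        flags.append("USER_WRITABLE")
    if no_pub and low.startswith(SYSTEM_DIRS):
        # Windows' own system directories normally hold Microsoft-attributed files;
        # an unattributed binary there is worth a look even when it turns out benign.
        flags.append("UNATTRIBUTED_IN_SYSTEM_DIR")
    return flags


def priority(flags: list[str]) -> str:
    s = set(flags)
    if {"NO_PUBLISHER", "USER_WRITABLE"} <= s:
        return "high"    # the usual shape of a dropped, unsigned persistence binary
    if "UNATTRIBUTED_IN_SYSTEM_DIR" in s:
        return "medium"
    if s:
        return "low"     # e.g. a vendor updater under AppData, or an unattributed vendor DLL
    return "info"


RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


def triage(lines: list[str]) -> list[dict]:
    """Parse every recognised line and return findings, highest priority first."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, pub = parsed
        flags = classify(path, pub)
        findings.append({"path": path, "publisher": pub, "flags": flags,
                         "priority": priority(flags)})
    return sorted(findings, key=lambda f: RANK[f["priority"]])


# Sample input: the first six lines are copied from the FRST Addition log above;
# the last one is constructed to show the shape a dropped persistence entry takes.
SAMPLE_LINES = [
    r"Task: {357699DB-53BB-4DCF-A597-EB5A33A52A65} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-08] (AVAST Software)",
    r"Task: {4C144F04-B79B-4985-9EFF-32089F3BB5AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-873495118-3906234496-3227357945-1000Core => C:\Users\TornadoTK\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)",
    r"Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe",
    r"2014-01-05 21:07 - 2014-02-08 10:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll",
    r"2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe",
    r"2014-03-16 13:31 - 2014-03-16 12:49 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031601\algo.dll",
    # constructed, not from the log: unattributed binary in a user-writable folder
    r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Users\someone\AppData\Roaming\ExampleVendor\updater.exe [2014-03-01] ()",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['priority']:6} {','.join(f['flags']) or '-':45} {f['path']}")
```

Feed it the whole Addition.txt (one line per list element) and read the output top down; "low" hits from the Loaded Modules section are mostly vendor DLLs that simply lack a company name, which is why the rule set combines the publisher test with the path rather than trusting either alone.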



#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 March 2014 - 07:26 AM

Hello

That looks good - in which browser are you seeing this?

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 TornadoTK
  • Topic Starter

Posted 17 March 2014 - 06:39 PM

Both Firefox and Internet Explorer, but I never touch IE.



#10 gringo_pr

Posted 19 March 2014 - 08:26 AM

Hello TornadoTK

I want you to reset Firefox back to defaults; this will remove everything from Firefox.

I will let you keep your bookmarks, so to do that you can go here - Export BookMarks

Now to reset Firefox do the following.
  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.
Restart the computer and check Firefox for me now.

Gringo

#11 TornadoTK
  • Topic Starter

Posted 19 March 2014 - 09:02 PM

Followed steps, still getting the same URL (but with different strings, as it has been changing slightly every so often):

 

"https://www.google.com/webhp?tab=ww&ei=5ksqU42qAc_moATmtYL4Ag&ved=0CBgQ1S4"
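
The question the thread turns on is whether that webhp address means the browser has been sent somewhere other than Google. A redirect hijack has to land the browser on a host the attacker controls, so the decisive check is the host part of the URL, parsed the way a browser parses it, rather than whether the string starts with "google.com" or what the opaque ei and ved query values contain. The script below is an added example written for this page (not code from any participant in the thread): the first two sample URLs are the ones quoted in the thread, the remaining ones are constructed lookalikes, and the google.com allowlist is my assumption (extend it with the Google country domains you actually use).

```python
"""Is a pasted address-bar URL still on Google's own host?

Added example, not part of this thread. Uses urllib's parser so the usual
tricks (user@host, lookalike suffix, homoglyph labels) are caught instead
of being hidden by a naive string prefix test.
"""
from __future__ import annotations

from urllib.parse import parse_qs, urlsplit

# Registrable domains allowed to serve the search page (assumption; extend per region).
TRUSTED = ("google.com",)


def classify_url(url: str, trusted: tuple[str, ...] = TRUSTED) -> dict:
    """Return host, query keys and the reasons the URL is NOT trusted (empty list = ok)."""
    if "://" not in url:
        url = "https://" + url  # address bars hide the scheme; restore one so the host parses
    parts = urlsplit(url)
    reasons: list[str] = []
    # .hostname is lowercased and excludes any user:pass@ prefix and :port suffix
    host = (parts.hostname or "").rstrip(".")
    if not host:
        reasons.append("no host")
    if parts.username is not None:
        # https://www.google.com@attacker.example/ : 'www.google.com' is a username here
        reasons.append(f"user info before host ({parts.username!r})")
    try:
        port = parts.port
    except ValueError:
        port = None
        reasons.append("malformed port")
    if port not in (None, 80, 443):
        reasons.append(f"unusual port {port}")
    if parts.scheme not in ("http", "https"):
        reasons.append(f"scheme {parts.scheme!r}")
    if host and not any(host == d or host.endswith("." + d) for d in trusted):
        # suffix test on labels: www.google.com passes, www.google.com.attacker.example fails
        reasons.append(f"host {host!r} is not under {', '.join(trusted)}")
    if not host.isascii():
        reasons.append("non-ASCII host label (possible homoglyph)")
    return {
        "host": host,
        "path": parts.path,
        "query_keys": sorted(parse_qs(parts.query)),
        "ok": not reasons,
        "reasons": reasons,
    }


# Sample input: the first two URLs are quoted in the thread; the rest are constructed
# to show the host-level tricks a real redirect would depend on.
SAMPLE_URLS = [
    "google.com/webhp?tab=ww&ei=XsMkU5baBOiUjAKa7YG4BQ&ved=0CBoQ1S4",
    "https://www.google.com/webhp?tab=ww&ei=5ksqU42qAc_moATmtYL4Ag&ved=0CBgQ1S4",
    "https://www.google.com@search-helper.example/webhp?tab=ww",      # constructed
    "https://www.google.com.search-helper.example/webhp?tab=ww",      # constructed
    "https://www.googIe.com/webhp?tab=ww",                            # constructed: capital I for l
    "https://www.g\u043e\u043egle.com/webhp?tab=ww",                  # constructed: Cyrillic o
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        r = classify_url(u)
        print("OK     " if r["ok"] else "SUSPECT", r["host"], r["reasons"])
```

Both thread URLs come back with an empty reasons list and the query keys ei, tab and ved, which is what a normal Google page load looks like; a hijack would show up as a host outside the allowlist, a user-info prefix, or a non-ASCII label.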



#12 gringo_pr

Posted 22 March 2014 - 09:35 AM

Hello TornadoTK

Very sorry for the delay; I have been under the weather for the last couple of days.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo

#13 TornadoTK
  • Topic Starter

Posted 22 March 2014 - 07:04 PM

OTL logfile created on: 3/22/2014 5:01:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TornadoTK\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.97 Gb Total Physical Memory | 13.51 Gb Available Physical Memory | 84.60% Memory free
31.93 Gb Paging File | 29.24 Gb Available in Paging File | 91.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.57 Gb Total Space | 53.23 Gb Free Space | 47.71% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1599.49 Gb Free Space | 85.85% Space Free | Partition Type: NTFS
 
Computer Name: MAINTK2014 | User Name: TornadoTK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\TornadoTK\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Users\TornadoTK\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\ASGT.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
MOD - D:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - D:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - D:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - D:\Program Files (x86)\Steam\libavresample-1.dll ()
MOD - D:\Program Files (x86)\Steam\libavutil-52.dll ()
MOD - D:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - D:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - D:\Program Files (x86)\Steam\bin\avutil-51.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (ASGT) -- C:\Windows\SysWOW64\ASGT.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (IOMap) -- C:\Windows\SysNative\drivers\IOMap64.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (e1qexpress) -- C:\Windows\SysNative\drivers\e1q62x64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-873495118-3906234496-3227357945-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-873495118-3906234496-3227357945-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 BB E1 C2 93 0A CF 01  [binary data]
IE - HKU\S-1-5-21-873495118-3906234496-3227357945-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-873495118-3906234496-3227357945-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-873495118-3906234496-3227357945-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-873495118-3906234496-3227357945-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TornadoTK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\TornadoTK\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TornadoTK\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TornadoTK\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/01/05 21:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TornadoTK\AppData\Roaming\Mozilla\Extensions
[2014/03/20 19:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TornadoTK\AppData\Roaming\Mozilla\Firefox\Profiles\9o5vorav.default-1395280793813\extensions
[2014/03/19 19:05:13 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\TornadoTK\AppData\Roaming\Mozilla\Firefox\Profiles\9o5vorav.default-1395280793813\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/14 23:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 23:46:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-873495118-3906234496-3227357945-1000..\Run: [uTorrent] C:\Users\TornadoTK\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-873495118-3906234496-3227357945-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-873495118-3906234496-3227357945-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BD07741-F1EC-443B-A98B-14695A008ED0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/22 15:14:12 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\Desktop\bmtooms
[2014/03/21 20:56:10 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Local\PAYDAY 2
[2014/03/21 20:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/03/21 16:13:25 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\Documents\NCSOFT
[2014/03/20 20:28:03 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Roaming\NCSOFT
[2014/03/20 20:28:03 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Local\NCSOFT
[2014/03/20 18:47:22 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Roaming\Sega
[2014/03/19 18:59:56 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\Desktop\Old Firefox Data
[2014/03/16 19:13:41 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/16 13:25:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/16 13:25:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/03/16 13:20:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/03/16 13:20:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/03/16 13:20:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/03/16 13:20:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/16 13:20:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/03/16 00:50:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/14 10:29:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/14 10:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/14 10:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/14 10:17:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/13 21:38:15 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Roaming\Malwarebytes
[2014/03/13 21:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/12 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Roaming\Rogue Legacy
[2014/03/12 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\Documents\SavedGames
[2014/03/12 02:14:25 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/12 02:14:25 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/12 02:14:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/12 02:14:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/12 02:14:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/12 02:14:23 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/12 02:14:23 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/12 02:14:23 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/12 02:14:23 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/12 02:14:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/12 02:14:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/12 02:14:23 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/12 02:14:22 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/12 02:14:22 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/12 02:14:22 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/12 02:14:22 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/12 02:14:22 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/12 02:14:22 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/12 02:14:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/12 02:14:21 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/12 02:14:21 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/12 02:14:21 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/12 02:14:21 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/12 02:14:21 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/12 02:14:21 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/12 02:14:20 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/12 02:14:03 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/03/12 02:14:03 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/12 02:14:03 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/11 17:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2014/03/11 17:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2014/03/06 11:18:34 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\Documents\XSplit
[2014/03/06 11:02:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/03/06 03:06:31 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\Documents\Photoshop
[2014/03/05 22:35:21 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Local\SplitMediaLabs
[2014/03/05 22:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2014/03/05 22:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2014/03/05 22:28:13 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Roaming\SplitMediaLabs
[2014/02/28 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Roaming\Awesomium
[2014/02/28 12:33:58 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\Documents\Elder Scrolls Online
[2014/02/28 12:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Elder Scrolls Online
[2014/02/26 20:22:42 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Roaming\Arrowhead
[2014/02/26 04:29:00 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/25 16:08:06 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Local\Blizzard
[2014/02/25 16:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2014/02/25 16:00:53 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Local\Blizzard Entertainment
[2014/02/25 16:00:47 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Roaming\Battle.net
[2014/02/25 16:00:47 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Local\Battle.net
[2014/02/25 16:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2014/02/25 16:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2014/02/25 16:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014/02/25 15:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2014/02/24 18:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2014/02/20 22:57:26 | 000,000,000 | ---D | C] -- C:\Users\TornadoTK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/22 16:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/22 16:17:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-873495118-3906234496-3227357945-1000UA.job
[2014/03/22 12:54:33 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/22 12:54:33 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/22 12:53:21 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/22 12:53:21 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/22 12:53:21 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/22 12:47:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/22 12:47:23 | 4267,700,222 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/20 20:28:52 | 000,000,687 | ---- | M] () -- C:\Users\Public\Desktop\WildStar.lnk
[2014/03/19 18:59:09 | 000,035,922 | ---- | M] () -- C:\Users\TornadoTK\Desktop\bookmarksBACKUP.html
[2014/03/18 00:17:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-873495118-3906234496-3227357945-1000Core.job
[2014/03/14 10:29:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/14 10:23:18 | 000,014,075 | ---- | M] () -- C:\Users\TornadoTK\Desktop\bookmarks-2014-03-14.json
[2014/03/12 17:27:47 | 004,908,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/11 18:36:05 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/11 18:36:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/11 17:12:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/03/07 20:57:21 | 000,023,746 | ---- | M] () -- C:\Users\TornadoTK\Desktop\1601388_892491720780282_88317895_n.jpg
[2014/03/07 13:13:21 | 000,039,057 | ---- | M] () -- C:\Users\TornadoTK\Desktop\1922456_595958580491014_1421947653_n.jpg
[2014/03/07 13:12:59 | 000,031,551 | ---- | M] () -- C:\Users\TornadoTK\Desktop\10007539_595959300490942_111177335_n.jpg
[2014/03/07 13:12:28 | 000,032,178 | ---- | M] () -- C:\Users\TornadoTK\Desktop\1004501_595961413824064_978342439_n.jpg
[2014/03/07 13:12:18 | 000,042,144 | ---- | M] () -- C:\Users\TornadoTK\Desktop\1920036_595963423823863_1089591266_n.jpg
[2014/03/07 13:11:31 | 000,029,216 | ---- | M] () -- C:\Users\TornadoTK\Desktop\1011628_596278790458993_505614266_n.jpg
[2014/03/07 13:11:24 | 000,065,318 | ---- | M] () -- C:\Users\TornadoTK\Desktop\1005543_596279263792279_1258461321_n.jpg
[2014/03/07 13:07:47 | 000,070,679 | ---- | M] () -- C:\Users\TornadoTK\Desktop\1528729_598200213560899_901599431_n.jpg
[2014/03/07 12:17:43 | 000,102,718 | ---- | M] () -- C:\Users\TornadoTK\Desktop\1932283_10152306856128945_1235704971_n.jpg
[2014/03/07 12:15:18 | 000,052,010 | ---- | M] () -- C:\Users\TornadoTK\Desktop\75968_632206450186066_615634749_n.jpg
[2014/03/07 12:15:10 | 000,035,501 | ---- | M] () -- C:\Users\TornadoTK\Desktop\1794565_741200445912743_1390305551_n.jpg
[2014/03/07 12:13:26 | 000,074,182 | ---- | M] () -- C:\Users\TornadoTK\Desktop\avoid1.jpg
[2014/03/06 20:10:52 | 001,727,351 | ---- | M] () -- C:\Users\TornadoTK\Desktop\cklhwcj7wok7v9y1qqav.gif
[2014/03/06 11:19:39 | 000,310,521 | ---- | M] () -- C:\Users\TornadoTK\Desktop\testoverlay.png
[2014/03/06 11:19:39 | 000,001,456 | ---- | M] () -- C:\Users\TornadoTK\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/03/05 22:29:52 | 000,000,866 | ---- | M] () -- C:\Users\TornadoTK\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2014/03/05 22:29:52 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\XSplit Broadcaster.lnk
[2014/03/05 17:21:17 | 000,000,906 | ---- | M] () -- C:\Users\TornadoTK\Desktop\Tetris - The Grand Master 3.lnk
[2014/03/02 16:31:22 | 004,862,602 | ---- | M] () -- C:\Users\TornadoTK\Desktop\doink-3_medium.gif
[2014/03/02 16:29:06 | 007,873,346 | ---- | M] () -- C:\Users\TornadoTK\Desktop\piggyback.gif
[2014/02/28 22:16:26 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/28 21:52:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/28 21:51:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/28 21:40:43 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/28 21:37:12 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/28 21:33:52 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/28 21:32:59 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/28 21:23:49 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/02/28 21:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/28 21:02:07 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/28 20:54:33 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/28 20:52:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/28 20:51:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/28 20:43:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/28 20:42:12 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/28 20:40:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/28 20:38:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/28 20:37:35 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/28 20:35:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/28 20:16:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/28 20:00:08 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/28 19:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/28 19:25:22 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/27 06:28:34 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/26 21:48:58 | 000,370,123 | ---- | M] () -- C:\Users\TornadoTK\Desktop\beatmania IIDX tricoro.ai
[2014/02/26 21:46:49 | 000,418,606 | ---- | M] () -- C:\Users\TornadoTK\Desktop\pop'n music Sunny Park.ai
[2014/02/25 16:00:44 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014/02/24 18:36:16 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\HoMM3 HD.lnk
[2014/02/22 05:05:45 | 000,964,224 | ---- | M] () -- C:\Users\TornadoTK\Desktop\popcorn.+From+Nichijou_b7f08e_4072123.gif
 
========== Files Created - No Company Name ==========
 
[2014/03/20 20:28:52 | 000,000,687 | ---- | C] () -- C:\Users\Public\Desktop\WildStar.lnk
[2014/03/19 18:59:09 | 000,035,922 | ---- | C] () -- C:\Users\TornadoTK\Desktop\bookmarksBACKUP.html
[2014/03/16 13:20:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/16 13:20:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/16 13:20:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/16 13:20:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/16 13:20:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/14 10:29:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/14 10:23:18 | 000,014,075 | ---- | C] () -- C:\Users\TornadoTK\Desktop\bookmarks-2014-03-14.json
[2014/03/11 17:12:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/03/10 13:24:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/03/07 20:57:21 | 000,023,746 | ---- | C] () -- C:\Users\TornadoTK\Desktop\1601388_892491720780282_88317895_n.jpg
[2014/03/07 13:13:21 | 000,039,057 | ---- | C] () -- C:\Users\TornadoTK\Desktop\1922456_595958580491014_1421947653_n.jpg
[2014/03/07 13:12:59 | 000,031,551 | ---- | C] () -- C:\Users\TornadoTK\Desktop\10007539_595959300490942_111177335_n.jpg
[2014/03/07 13:12:28 | 000,032,178 | ---- | C] () -- C:\Users\TornadoTK\Desktop\1004501_595961413824064_978342439_n.jpg
[2014/03/07 13:12:18 | 000,042,144 | ---- | C] () -- C:\Users\TornadoTK\Desktop\1920036_595963423823863_1089591266_n.jpg
[2014/03/07 13:11:31 | 000,029,216 | ---- | C] () -- C:\Users\TornadoTK\Desktop\1011628_596278790458993_505614266_n.jpg
[2014/03/07 13:11:24 | 000,065,318 | ---- | C] () -- C:\Users\TornadoTK\Desktop\1005543_596279263792279_1258461321_n.jpg
[2014/03/07 13:07:47 | 000,070,679 | ---- | C] () -- C:\Users\TornadoTK\Desktop\1528729_598200213560899_901599431_n.jpg
[2014/03/07 12:17:43 | 000,102,718 | ---- | C] () -- C:\Users\TornadoTK\Desktop\1932283_10152306856128945_1235704971_n.jpg
[2014/03/07 12:15:18 | 000,052,010 | ---- | C] () -- C:\Users\TornadoTK\Desktop\75968_632206450186066_615634749_n.jpg
[2014/03/07 12:15:10 | 000,035,501 | ---- | C] () -- C:\Users\TornadoTK\Desktop\1794565_741200445912743_1390305551_n.jpg
[2014/03/07 12:13:26 | 000,074,182 | ---- | C] () -- C:\Users\TornadoTK\Desktop\avoid1.jpg
[2014/03/06 20:10:52 | 001,727,351 | ---- | C] () -- C:\Users\TornadoTK\Desktop\cklhwcj7wok7v9y1qqav.gif
[2014/03/06 03:07:26 | 000,001,456 | ---- | C] () -- C:\Users\TornadoTK\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/03/06 03:07:25 | 000,310,521 | ---- | C] () -- C:\Users\TornadoTK\Desktop\testoverlay.png
[2014/03/05 22:29:52 | 000,000,866 | ---- | C] () -- C:\Users\TornadoTK\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2014/03/05 22:29:52 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\XSplit Broadcaster.lnk
[2014/03/05 17:20:54 | 000,000,906 | ---- | C] () -- C:\Users\TornadoTK\Desktop\Tetris - The Grand Master 3.lnk
[2014/03/02 16:31:21 | 004,862,602 | ---- | C] () -- C:\Users\TornadoTK\Desktop\doink-3_medium.gif
[2014/03/02 16:29:06 | 007,873,346 | ---- | C] () -- C:\Users\TornadoTK\Desktop\piggyback.gif
[2014/02/26 21:48:58 | 000,370,123 | ---- | C] () -- C:\Users\TornadoTK\Desktop\beatmania IIDX tricoro.ai
[2014/02/26 21:46:48 | 000,418,606 | ---- | C] () -- C:\Users\TornadoTK\Desktop\pop'n music Sunny Park.ai
[2014/02/25 16:00:44 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014/02/24 18:36:16 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\HoMM3 HD.lnk
[2014/02/22 05:05:45 | 000,964,224 | ---- | C] () -- C:\Users\TornadoTK\Desktop\popcorn.+From+Nichijou_b7f08e_4072123.gif
[2014/01/07 17:11:36 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/01/05 21:07:31 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
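The "ZeroAccess Check" section of the OTL log above walks four COM CLSIDs in the native and WOW64 views of both HKCU and HKLM, plus C:\Windows\assembly\Desktop.ini, and on this machine comes back clean (no per-user entries, HKLM servers all Microsoft DLLs). The PowerShell script below is an added example, not part of the thread or of OTL, that repeats the same audit without OTL. The point of the check: HKCU\Software\Classes takes precedence over HKLM\Software\Classes in the merged HKCR view, so a per-user InProcServer32 written for a system CLSID gets the attacker's DLL loaded by every process that instantiates that object, which is how the ZeroAccess user-mode variant installed itself. The CLSIDs and expected DLL names are taken from the log; the "server must live under %SystemRoot%" rule and the 4 KB Desktop.ini threshold are my own assumed heuristics.

```powershell
# Added example: repeats the OTL "ZeroAccess Check" in PowerShell. Not from the thread
# or from OTL. CLSIDs and expected DLLs come from the OTL log; the %SystemRoot% rule
# and the Desktop.ini size threshold are assumed heuristics. Run from an elevated
# 64-bit PowerShell.

# Per-user COM registrations shadow machine-wide ones, so any HKCU InProcServer32
# for one of these system CLSIDs is treated as a hijack until proven otherwise.
$Checks = @(
    @{ Clsid = '{42aedc87-2188-41fd-b9a3-0c966feabec1}'; Dll = 'shell32.dll'  }
    @{ Clsid = '{fbeb8a05-beee-4442-804e-409d6c4515e9}'; Dll = $null          }  # log lists no HKLM value for this one
    @{ Clsid = '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}'; Dll = 'fastprox.dll' }
    @{ Clsid = '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'; Dll = 'wbemess.dll'  }
)

# The four registry views OTL walks: native (64-bit) and WOW64 (32-bit) for HKCU and HKLM.
$Views = @(
    @{ Hive = 'HKCU'; View = '64'; Base = 'HKCU:\Software\Classes\CLSID'             }
    @{ Hive = 'HKCU'; View = '32'; Base = 'HKCU:\Software\Classes\Wow6432Node\CLSID' }
    @{ Hive = 'HKLM'; View = '64'; Base = 'HKLM:\Software\Classes\CLSID'             }
    @{ Hive = 'HKLM'; View = '32'; Base = 'HKLM:\Software\Wow6432Node\Classes\CLSID' }
)

function Get-InprocServer([string]$Base, [string]$Clsid) {
    $key = Join-Path $Base "$Clsid\InProcServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    # GetValue('') reads the (Default) value; a REG_EXPAND_SZ like %SystemRoot%\... comes back expanded.
    (Get-Item -LiteralPath $key).GetValue('')
}

function Test-ZeroAccessClsids {
    foreach ($c in $Checks) {
        foreach ($v in $Views) {
            $server = Get-InprocServer -Base $v.Base -Clsid $c.Clsid
            $status = if ($v.Hive -eq 'HKCU') {
                if ($server) { 'SUSPICIOUS: per-user override of a system CLSID' } else { 'OK: no per-user override' }
            } elseif (-not $server) {
                if ($c.Dll) { 'MISSING: expected HKLM server absent' } else { 'not checked' }
            } elseif ($c.Dll -and
                      ([IO.Path]::GetFileName($server) -ieq $c.Dll) -and
                      ($server -like "$env:SystemRoot\*")) {
                'OK'
            } else {
                'UNEXPECTED: server differs from the DLL in the log'
            }
            [pscustomobject]@{
                Clsid = $c.Clsid; Hive = $v.Hive; View = $v.View; Server = $server; Status = $status
            }
        }
    }
}

function Test-AssemblyDesktopIni {
    # OTL prints C:\Windows\assembly\Desktop.ini because ZeroAccess variants parked payload
    # under C:\Windows\assembly in files named Desktop.ini. The clean file in the log is
    # 227 bytes with RHS attributes; anything far larger deserves a look (threshold assumed).
    Get-ChildItem -LiteralPath "$env:SystemRoot\assembly" -Filter 'Desktop.ini' -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path   = $_.FullName
                Bytes  = $_.Length
                Attrs  = $_.Attributes
                Status = if ($_.Length -gt 4096) { 'SUSPICIOUS: oversized Desktop.ini' } else { 'OK' }
            }
        }
}

Test-ZeroAccessClsids   | Format-Table -AutoSize
Test-AssemblyDesktopIni | Format-Table -AutoSize
```

The file-name comparison is deliberate: OTL runs as a 32-bit process and therefore prints the 64-bit shell32.dll path as C:\Windows\SysNative\..., while the value actually stored is %SystemRoot%\system32\shell32.dll, so comparing full paths against the log would produce false alarms.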
 



#14 gringo_pr (Malware Response Team)

Posted 23 March 2014 - 09:41 AM


Hello TornadoTK

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes text box.
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
    IE - HKU\S-1-5-21-873495118-3906234496-3227357945-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

    Note** if the report does not pop up after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.


Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 TornadoTK (Topic Starter)

Posted 23 March 2014 - 03:32 PM

Problem still persists. Just to make sure, is this a known hijack? Or is it just a redirect I wasn't aware of? Anyway, here's the log:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Nvtmru deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-873495118-3906234496-3227357945-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\TornadoTK\Downloads\cmd.bat deleted successfully.
C:\Users\TornadoTK\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: TornadoTK
->Java cache emptied: 0 bytes
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: TornadoTK
->Flash cache emptied: 23721 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03232014_133007
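The fix above empties the DefaultScope value under each Internet Explorer SearchScopes key (that is what OTL's `| /E` does, and the log confirms it for HKLM, the WOW64 view, the S-1-5-19 and S-1-5-20 service hives and the user's own hive). The PowerShell script below is an added example, not the thread's or OTL's code, that shows what that value controls and how to audit it: DefaultScope names the scope subkey whose URL receives address-bar and search-box queries, so a search hijacker registers a scope of its own (often with a DisplayName that looks like Google or Bing), points DefaultScope at it, and every search then passes through its site. The script enumerates the same hives OTL touched, plus every user hive currently loaded under HKEY_USERS, and reports each scope's display name, the host its URL submits to, and whether it is the default. The registry paths and the DefaultScope, DisplayName and URL value names are IE's own; the $KnownHosts allow-list is an assumption for illustration.

```powershell
# Added example: audits IE's SearchScopes, the setting the OTL fix above reset.
# Not from the thread or from OTL. Registry paths and value names are IE's real
# ones; $KnownHosts is an assumed allow-list for illustration. Run elevated so the
# hives under HKEY_USERS are readable.

$KnownHosts = @('www.google.com', 'www.bing.com', 'search.yahoo.com')   # assumption

# Machine hives (native + WOW64) plus every user hive currently loaded.
$HiveRoots = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') +
    @(Get-ChildItem 'Registry::HKEY_USERS' | ForEach-Object { "Registry::$($_.Name)\Software" })

function Get-SearchScopes {
    foreach ($root in $HiveRoots) {
        $scopesKey = Join-Path $root 'Microsoft\Internet Explorer\SearchScopes'
        if (-not (Test-Path -LiteralPath $scopesKey)) { continue }
        # After OTL's "| /E" this is an empty string; on an untouched system it is a scope GUID.
        $default = (Get-Item -LiteralPath $scopesKey).GetValue('DefaultScope')
        foreach ($scope in Get-ChildItem -LiteralPath $scopesKey) {
            # URL holds the query template, e.g. http://host/search?q={searchTerms}; only the host matters here.
            $url = $scope.GetValue('URL')
            $queryHost = $null
            if ($url) {
                try { $queryHost = ([uri]$url).Host } catch { $queryHost = 'unparseable' }
            }
            $isDefault = ($scope.PSChildName -eq $default)
            [pscustomobject]@{
                Hive        = $root
                Scope       = $scope.PSChildName
                DisplayName = $scope.GetValue('DisplayName')
                QueryHost   = $queryHost
                IsDefault   = $isDefault
                Status      = if ($queryHost -and ($KnownHosts -contains $queryHost)) { 'OK' }
                              elseif ($isDefault) { 'SUSPICIOUS: default scope submits to an unknown host' }
                              else { 'review: non-default scope on unknown host' }
            }
        }
    }
}

Get-SearchScopes | Format-Table -AutoSize
```

Reading the output against the log: a scope whose DisplayName says "Google" but whose QueryHost is anything other than www.google.com is the pattern this fix is meant to remove, whereas a DefaultScope that resolves to a scope on a known host is not a hijack, whatever tracking parameters the engine appends to its own URLs.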
 





