Audio Ads malware


  • This topic is locked
20 replies to this topic

#1 MrBlud

  • Members
  • 41 posts

Posted 01 April 2014 - 03:14 AM

My computer mysteriously rebooted earlier today and now it plays audio ads. It's very annoying and I would like to remove the malware that's causing this.

 

And no, this is not an April 1st prank.

 

Any help would be greatly appreciated.

 

Thank you



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 01 April 2014 - 04:50 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
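As an added example (not FRST's code and not anything Marius or the thread posted), a small Python triage pass over the FRST.txt that the steps above produce: it splits the log into its `==== Section ====` blocks and lists the entries a reviewer normally checks first. The sample lines are constructed in FRST's line format from the kinds of entries seen in this thread, and the rules are review heuristics, not verdicts.

```python
"""Triage pass over an FRST.txt log (added example, not part of FRST or this thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in FRST's line format, modelled on entries in the log
# posted in this thread; not a complete log.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
========================== Services (Whitelisted) =================
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
S2 XMLProvS; C:\Windows\system32\xmlprw32.dll [X]
==================== Drivers (Whitelisted) ====================
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
U3 agkth5i1; C:\Windows\system32\Drivers\agkth5i1.sys [0 ] (Microsoft Corporation)
==================== One Month Created Files and Folders ========
2014-04-01 15:25 - 2014-04-01 15:28 - 00000000 ____D () C:\FRST
2014-04-01 04:18 - 2014-04-01 04:18 - 00000000 ____S () C:\Windows\system32\cmaf.uai
2014-03-31 23:45 - 2014-04-01 14:56 - 00000077 _____ () C:\Windows\system32\fcgd.ljw
2014-03-31 23:15 - 2014-03-31 23:15 - 00299344 ____S () C:\Windows\system32\hybqlx.dvj
2014-03-16 00:12 - 2014-03-16 00:12 - 00275184 _____ () C:\Windows\Minidump\Mini031614-01.dmp
"""

SECTION_RE = re.compile(r"^=+\s+([^=]+?)\s+=+$")  # "==== Section name ===="
# Services/Drivers: "<state> <name>; <image path> [<bytes> <date>|X] (<company>)"
IMAGE_RE = re.compile(r"^([RSU]\d) ([^;]+); (.+?) \[([^\]]*)\](?: \((.*)\))?$")
# Created files: "<created> - <modified> - <bytes> <attrs> (<company>) <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) \((.*?)\) (.+)$"
)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
# Extensions a reviewer expects directly under system32 (illustrative, not exhaustive).
KNOWN_EXT = {"dll", "exe", "sys", "ocx", "cpl", "drv", "log", "txt", "dat", "ini", "xml"}


@dataclass
class Finding:
    section: str
    reason: str
    entry: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the '==== Section ====' header above them."""
    sections: Dict[str, List[str]] = {}
    current = "Header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Heuristic first pass: entries a reviewer checks first, not verdicts."""
    findings: List[Finding] = []
    for section, lines in split_sections(text).items():
        for line in lines:
            if "ATTENTION:" in line:  # FRST's own warnings, wherever they appear
                findings.append(Finding(section, "flagged by FRST itself", line))
            elif section.startswith(("Services", "Drivers")):
                m = IMAGE_RE.match(line)
                if not m:
                    continue
                size = m.group(4).strip()  # "X" means the image file is missing
                if size == "X":
                    findings.append(Finding(section, "entry points at a missing file", line))
                elif size.split()[0] == "0":
                    findings.append(Finding(section, "zero-byte image file", line))
            elif section.startswith("One Month Created"):
                m = FILE_RE.match(line)
                if not m or "D" in m.group(4) or not SYSTEM32_RE.match(m.group(6)):
                    continue  # skip folders and anything outside system32 itself
                attrs, vendor, path = m.group(4), m.group(5), m.group(6)
                name = path.rsplit("\\", 1)[-1]
                ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
                reasons = []
                if not vendor and ext not in KNOWN_EXT:
                    reasons.append("no company name and unusual extension")
                if "S" in attrs:
                    reasons.append("system attribute on a newly created file")
                if reasons:
                    findings.append(Finding(section, "; ".join(reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```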

#3 MrBlud

  • Topic Starter

  • Members
  • 41 posts

Posted 01 April 2014 - 02:43 PM

Thank you, Marius

 

Here is FRST.txt 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Daniel (administrator) on TELETRAN on 01-04-2014 15:28:30
Running from M:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(PS3 Media Server) C:\Program Files\PS3 Media Server\pms.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)
HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [KBD] - C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2012-10-31] (RealNetworks, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-2500495333-3787849097-770392458-1001\...\Run: [DAEMON Tools] - C:\Program Files\DAEMON Tools\daemon.exe [171464 2007-08-29] (DT Soft Ltd.)
HKU\S-1-5-21-2500495333-3787849097-770392458-1001\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-08-11] (Google Inc.)
HKU\S-1-5-21-2500495333-3787849097-770392458-1001\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2500495333-3787849097-770392458-1001\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEMonitor.lnk
ShortcutTarget: MEMonitor.lnk -> C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (Smith Micro Software, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allspark.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope {F0F507D0-4249-48BB-AF3D-2EAD5AB9FEEA} URL =
SearchScopes: HKLM - {A688DD39-FE0B-4059-ADDC-9C425D71B075} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {A7A8B2ED-6676-4B1D-B3D3-E10CFF17DFF3} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {B7435E40-57D4-47D0-AB39-8EAF881DD2CD} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
SearchScopes: HKCU - {A688DD39-FE0B-4059-ADDC-9C425D71B075} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {A7A8B2ED-6676-4B1D-B3D3-E10CFF17DFF3} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {B7435E40-57D4-47D0-AB39-8EAF881DD2CD} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Daniel\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} http://media.labs.live.com/all/ps/_code_/PhotosynthVista.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r8tj9t3n.default-1390519373249
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Daniel\Program Files\DNA\plugins\npbtdna.dll No File
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Daniel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Forecastfox - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r8tj9t3n.default-1390519373249\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2014-01-24]
FF Extension: Flash Game Maximizer - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r8tj9t3n.default-1390519373249\Extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi [2014-01-27]
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r8tj9t3n.default-1390519373249\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2010-02-10]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-03]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-31]
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Daniel\Program Files\DNA

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (E-centives Coupon Activator Netscape Plugin v. 4.0.0.0) - C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Daniel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-01-03]
CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-06-07]
CHR Extension: (uTorrentControl2) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2012-06-07]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-10-31]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Daniel\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Daniel\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]

========================== Services (Whitelisted) =================

S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] ()
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation)
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation)
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-09-01] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S2 XMLProvS; C:\Windows\system32\xmlprw32.dll [X]

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-04-01] (Malwarebytes Corporation)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42112 2007-10-10] (Motorola Inc)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-20] (Motorola)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R1 MpKsl6c2e71e6; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D8B1AF7-96C5-404B-895D-B11627A01A2D}\MpKsl6c2e71e6.sys [39464 2014-04-01] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-10-21] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-10-21] (Printing Communications Assoc., Inc. (PCAUSA))
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2007-09-06] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-26] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-19] (Microsoft Corporation)
U3 agkth5i1; C:\Windows\system32\Drivers\agkth5i1.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 15:25 - 2014-04-01 15:28 - 00000000 ____D () C:\FRST
2014-04-01 04:18 - 2014-04-01 04:18 - 00000000 ____S () C:\Windows\system32\cmaf.uai
2014-04-01 04:11 - 2014-04-01 04:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-01 04:05 - 2014-04-01 04:06 - 00005552 _____ () C:\Users\Daniel\Desktop\Rkill.txt
2014-04-01 03:51 - 2014-04-01 03:51 - 00014419 _____ () C:\ComboFix.txt
2014-04-01 01:53 - 2014-04-01 03:51 - 00000000 ____D () C:\Qoobox
2014-04-01 01:53 - 2014-04-01 03:51 - 00000000 ____D () C:\ComboFix
2014-04-01 01:53 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-01 01:53 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-01 01:53 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-01 01:53 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-01 01:53 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-01 01:53 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-01 01:53 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-01 01:53 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-31 23:45 - 2014-04-01 14:56 - 00000077 _____ () C:\Windows\system32\fcgd.ljw
2014-03-31 23:35 - 2014-03-31 23:35 - 00000064 _____ () C:\Windows\system32\hiqj.uzo
2014-03-31 23:35 - 2014-03-31 23:35 - 00000000 _____ () C:\Windows\system32\zlsdrcb.sqp
2014-03-31 23:17 - 2014-03-31 23:17 - 00000000 ____S () C:\Windows\system32\ruvdei.dzq
2014-03-31 23:16 - 2014-03-31 23:16 - 00000000 ____S () C:\Windows\system32\fndjk.aju
2014-03-31 23:16 - 2014-03-31 23:16 - 00000000 ____S () C:\Windows\system32\alqzu.dyi
2014-03-31 23:15 - 2014-03-31 23:15 - 00299344 ____S () C:\Windows\system32\hybqlx.dvj
2014-03-16 00:12 - 2014-03-16 00:12 - 00275184 _____ () C:\Windows\Minidump\Mini031614-01.dmp
2014-03-07 00:38 - 2014-03-07 00:38 - 00000761 _____ () C:\Users\Public\Desktop\PS3 Media Server.lnk
2014-03-07 00:37 - 2014-04-01 04:47 - 00000000 ____D () C:\ProgramData\PMS
2014-03-07 00:36 - 2014-03-07 00:36 - 00000000 ____D () C:\Program Files\PS3 Media Server
2014-03-07 00:27 - 2014-03-07 00:28 - 35886577 _____ () C:\Users\Daniel\Desktop\pms-1.90.1-setup-without-jre.exe
2014-03-04 17:56 - 2014-03-04 18:46 - 366980907 _____ () C:\Users\Daniel\Desktop\[T-N]Kamen_Rider_Fourze_01_HD[E0D8EB6C].mp4

==================== One Month Modified Files and Folders =======

2014-04-01 15:28 - 2014-04-01 15:25 - 00000000 ____D () C:\FRST
2014-04-01 15:20 - 2007-06-14 18:30 - 01226758 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 14:56 - 2014-03-31 23:45 - 00000077 _____ () C:\Windows\system32\fcgd.ljw
2014-04-01 14:46 - 2006-11-02 08:47 - 00003696 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 14:46 - 2006-11-02 08:47 - 00003696 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 14:44 - 2009-12-26 03:43 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-01 13:22 - 2009-03-24 15:47 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-04-01 11:22 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\tracing
2014-04-01 04:47 - 2014-03-07 00:37 - 00000000 ____D () C:\ProgramData\PMS
2014-04-01 04:18 - 2014-04-01 04:18 - 00000000 ____S () C:\Windows\system32\cmaf.uai
2014-04-01 04:11 - 2014-04-01 04:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-01 04:06 - 2014-04-01 04:05 - 00005552 _____ () C:\Users\Daniel\Desktop\Rkill.txt
2014-04-01 03:51 - 2014-04-01 03:51 - 00014419 _____ () C:\ComboFix.txt
2014-04-01 03:51 - 2014-04-01 01:53 - 00000000 ____D () C:\Qoobox
2014-04-01 03:51 - 2014-04-01 01:53 - 00000000 ____D () C:\ComboFix
2014-04-01 03:47 - 2009-12-26 03:42 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-01 03:47 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-04-01 02:52 - 2006-11-02 06:33 - 00694332 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 02:46 - 2010-05-29 03:39 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-04-01 02:46 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 02:44 - 2007-06-07 00:54 - 00208258 _____ () C:\Windows\PFRO.log
2014-04-01 02:42 - 2011-12-19 03:00 - 00000000 ____D () C:\Windows\ERDNT
2014-04-01 02:42 - 2006-11-02 09:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-01 01:47 - 2012-05-03 19:01 - 00000000 ____D () C:\Program Files\uTorrentControl2
2014-04-01 00:20 - 2013-11-30 00:23 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-04-01 00:06 - 2012-05-03 19:01 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Conduit
2014-03-31 23:43 - 2012-05-03 21:20 - 00000000 ___RD () C:\Users\Daniel\Dropbox
2014-03-31 23:43 - 2012-05-03 20:29 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox
2014-03-31 23:35 - 2014-03-31 23:35 - 00000064 _____ () C:\Windows\system32\hiqj.uzo
2014-03-31 23:35 - 2014-03-31 23:35 - 00000000 _____ () C:\Windows\system32\zlsdrcb.sqp
2014-03-31 23:34 - 2012-05-02 13:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-31 23:17 - 2014-03-31 23:17 - 00000000 ____S () C:\Windows\system32\ruvdei.dzq
2014-03-31 23:16 - 2014-03-31 23:16 - 00000000 ____S () C:\Windows\system32\fndjk.aju
2014-03-31 23:16 - 2014-03-31 23:16 - 00000000 ____S () C:\Windows\system32\alqzu.dyi
2014-03-31 23:15 - 2014-03-31 23:15 - 00299344 ____S () C:\Windows\system32\hybqlx.dvj
2014-03-31 20:39 - 2007-09-02 22:36 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\uTorrent
2014-03-31 18:12 - 2008-09-19 03:59 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc
2014-03-31 17:52 - 2007-08-11 06:36 - 00028160 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-30 16:46 - 2012-04-03 01:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-30 16:46 - 2011-06-07 17:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-29 22:36 - 2007-08-11 01:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-26 23:48 - 2009-03-26 01:11 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DC++
2014-03-26 23:48 - 2009-03-26 01:11 - 00000000 ____D () C:\Users\Daniel\AppData\Local\DC++
2014-03-16 00:12 - 2014-03-16 00:12 - 00275184 _____ () C:\Windows\Minidump\Mini031614-01.dmp
2014-03-16 00:12 - 2008-06-15 18:09 - 00000000 ____D () C:\Windows\Minidump
2014-03-16 00:10 - 2008-06-15 18:09 - 255726310 _____ () C:\Windows\MEMORY.DMP
2014-03-07 00:38 - 2014-03-07 00:38 - 00000761 _____ () C:\Users\Public\Desktop\PS3 Media Server.lnk
2014-03-07 00:36 - 2014-03-07 00:36 - 00000000 ____D () C:\Program Files\PS3 Media Server
2014-03-07 00:28 - 2014-03-07 00:27 - 35886577 _____ () C:\Users\Daniel\Desktop\pms-1.90.1-setup-without-jre.exe
2014-03-06 02:11 - 2007-08-11 21:36 - 00029838 _____ () C:\Users\Daniel\AppData\Roaming\wklnhst.dat
2014-03-04 18:46 - 2014-03-04 17:56 - 366980907 _____ () C:\Users\Daniel\Desktop\[T-N]Kamen_Rider_Fourze_01_HD[E0D8EB6C].mp4

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\temp\jna7066250485720762040.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-10-20 15:39] - [2009-04-11 02:28] - 0552448 ____A (Microsoft Corporation) 9DE5E8B3AFCD8D224164A6CAA0B8488E

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-01 15:13

==================== End Of Log ============================

Addition.txt.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Daniel at 2014-04-01 15:29:55
Running from M:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Aimersoft Video Splitter(Build 2.5.0.5) (HKLM\...\Aimersoft Video Splitter_is1) (Version:  - Aimersoft Software)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E43B4909-141E-DFF3-8C58-62B5E4D66BBA}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
And Yet It Moves (HKLM\...\Steam App 18700) (Version:  - Broken Rules)
AoA Audio Extractor 1.0 (HKLM\...\AoA Audio Extractor_is1) (Version:  - AoAMedia.Com)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version:  - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Awesome Duplicate Photo Finder v. 1.0.1 (HKLM\...\Awesome Duplicate Photo Finder_is1) (Version:  - Duplicate-Finder.com)
Back to the Future The Game - Episode 1 (HKLM\...\Episode 1) (Version: 1.0.0.0 - Telltale Games)
Batch PNG to JPG (HKLM\...\Batch PNG to JPG1.51) (Version: 1.51 - Design-Lib.com)
Bink and Smacker (HKLM\...\Bink and Smacker) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bridge4k (HKCU\...\Bridge4k) (Version:  - Mans Olson)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Cave Story+ (HKLM\...\Steam App 200900) (Version:  - )
CCC Help Chinese Standard (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version:  - dvd8n)
CertAid for Internet Explorer (HKLM\...\{DE5A9457-27F0-4935-A092-E748512E01D8}) (Version: 1.0.0.0 - MIT IS&T)
Command & Conquer™ Red Alert™ 3 (HKLM\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
ConvertXtoDVD 2.2.3.258g (HKLM\...\{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1) (Version: 2.2.3.258g - VSO-Software SARL)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
dBpoweramp FLAC Codec (HKLM\...\dBpoweramp FLAC Codec) (Version: Release 13.1 (FLAC 1.2.1) - Illustrate)
dBpoweramp Music Converter (HKLM\...\dBpoweramp Music Converter) (Version: Release 13.2 - Illustrate)
DC++ 0.831 (HKLM\...\DC++) (Version: 0.831 - Jacek Sieka)
Deus Ex - Invisible War Unified Texture Pack, ver. 1.0 (HKLM\...\Deus Ex: Invisible War Unified Texture Pack ver.1.0) (Version:  - John P.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dup Detector (HKLM\...\DupDetector) (Version:  - )
Duplicate Finder (HKLM\...\Duplicate Finder_is1) (Version: 3.5 - Ashisoft)
DVD Audio Extractor 4.3.0 (HKLM\...\DVD Audio Extractor_is1) (Version:  - Computer Application Studio)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Flick 1.3.0.6 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.6 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
E.M. Magic Swf2Avi 2008 build 5.2.9.101 (HKLM\...\E.M. Magic Swf2Avi 2008_is1) (Version:  - EffectMatrix, Inc.)
EAX Unified (HKLM\...\EAX Unified) (Version:  - )
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Eraser (HKLM\...\Eraser) (Version:  - Heidi Computers Ltd.)
Eraser (Version: 5.84 - Heidi Computers Ltd.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
FileZilla Client 3.0.4.1 (HKLM\...\FileZilla Client) (Version: 3.0.4.1 - )
FirmTools Duplicate Photo Finder 1 (HKLM\...\Duplicate Photo Finder) (Version: 1.1 - FirmTools)
FkConflict (HKCU\...\FkConflict) (Version:  - Blaine Hodge)
Free Studio version 2013 (HKLM\...\Free Studio_is1) (Version: 6.1.10.812 - DVDVideoSoft Ltd.)
GonVisor 1.74 (HKLM\...\GonVisor_is1) (Version:  - G.A.A.)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GTK+ 2.10.13 runtime environment (HKLM\...\WinGTK-2_is1) (Version:  - Tor Lillqvist)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version:  - Valve)
HandBrake 0.9.3 (HKLM\...\HandBrake) (Version: 0.9.3 - HandBrake)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4424.15 - PC-Doctor, Inc.)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2264 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2269 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
HP Photosmart Essential2.5 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Total Care Advisor (HKLM\...\{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}) (Version: 1.1.17 - Hewlett-Packard)
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
ImgBurn (Remove Only) (HKLM\...\ImgBurn) (Version:  - )
InFlac 1.1.1 (HKLM\...\InFlac) (Version: 1.1.1 - Michael Facquet)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® Viiv™ Software (HKLM\...\Intel® Configuration Center) (Version: 1.6.361.6 - Intel Corporation)
Intel® Viiv™ Software (Version: 1.6.361.6 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Jamestown (HKLM\...\Steam App 94200) (Version:  - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
JDownloader 0.9 (HKLM\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Left 4 Dead 2 Demo (HKLM\...\Steam App 590) (Version:  - Valve)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Little Inferno (HKLM\...\Steam App 221260) (Version:  - )
Love & Order (HKCU\...\Love & Order) (Version:  - )
MakeMKV v1.8.3 (HKLM\...\MakeMKV) (Version: v1.8.3 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Max Payne 3 (HKLM\...\Steam App 204100) (Version:  - Rockstar)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Media Player Classic - Home Cinema v1.4.2499.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.4.2499.0 - MPC-HC Team)
MediaMonkey 3.1 (HKLM\...\MediaMonkey_is1) (Version: 3.1 - Ventis Media Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MKVtoolnix 4.6.0 (HKLM\...\MKVtoolnix) (Version: 4.6.0 - Moritz Bunkus)
MobileMe Control Panel (HKLM\...\{51F96AEC-D902-4434-A0DC-B9692A21AE7C}) (Version: 3.0.0.101 - Apple Inc.)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM\...\MusicBrainz Picard) (Version: 0.12.1 - MusicBrainz)
muvee autoProducer 6.0 (HKLM\...\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1701 - WildTangent)
Netflix in Windows Media Center (HKLM\...\{F751C062-87DA-4D33-8A12-6E7F1D4C051C}) (Version: 2.0.0.0 - Microsoft Corporation)
NightSky (HKLM\...\Steam App 99700) (Version:  - )
Norton Internet Security (Version: 10.2.0.30 - Symantec Corporation) Hidden
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Octodad (HKLM\...\Octodad) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice.org 2.3 (HKLM\...\{83C03FBE-4492-4133-BBAB-421CD88ADA32}) (Version: 2.3.9221 - OpenOffice.org)
Paint Shop Pro 7 Anniversary Edition (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
PC Inspector smart recovery (HKLM\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PDFZilla V1.2.9 (HKLM\...\PDFZilla_is1) (Version:  - PDFZilla, Inc.)
Peggle Deluxe (HKLM\...\Steam App 3480) (Version:  - PopCap)
Peggle Extreme (HKLM\...\Steam App 3483) (Version:  - PopCap)
Pidgin (HKLM\...\Pidgin) (Version: 2.7.3 - )
Plants Vs Zombies Demo (HKLM\...\Steam App 3592) (Version:  - PopCap)
Porrasturvat - Stair Dismount (HKLM\...\Porrasturvat - Stair Dismount) (Version:  - )
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
PS3 Media Server (HKLM\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}) (Version: 1.1.0 - RealNetworks)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Rockstar Games Social Club (HKLM\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.559 - Roxio)
Sid Meier's Civilization IV (HKLM\...\Steam App 3900) (Version:  - Firaxis)
Sid Meier's Civilization IV: Beyond the Sword (HKLM\...\Steam App 8800) (Version:  - Firaxis)
Sid Meier's Civilization IV: Warlords (HKLM\...\Steam App 3990) (Version:  - Firaxis)
SiN Episodes: Emergence (HKCU\...\Steam App 1300) (Version:  - Ritual)
Singles2 (HKLM\...\{F4851D03-553C-4ACE-ADBD-CA6BE8451072}) (Version: 2.00.000 - Deep Silver)
Sketchbook 1.1 (HKLM\...\Sketchbook) (Version: 1.1 - Lily of the Valley games)
Snapfish Media Detector (HKLM\...\{4EF6FDB0-3B11-4820-9860-8E08E9965195}) (Version: 1.7.0.15 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Speckie (HKLM\...\{6B906E34-F8EE-4DF1-B871-80DD01B0F709}) (Version: 1.6.0.0 - Versoworks Pty Ltd)
Speckie (HKLM\...\{D6364759-959B-463B-BFE1-2B506434431F}) (Version: 5.8.0 - Versoworks)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
StarCraft II (HKLM\...\StarCraft II) (Version: 1.1.3.16939 - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Super Meat Boy (HKLM\...\Steam App 40800) (Version:  - )
SureThing CD Labeler 4 SE (HKLM\...\MVApplication1) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales of Monkey Island - Launch of the Screaming Narwhal (HKLM\...\Launch of the Screaming Narwhal) (Version: 1.0.0.15 - Telltale Games)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
The GIMP 2.2.17 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
The Klub 17 (HKLM\...\The Klub 17) (Version: 5.1.1 - Team K17)
The Lord of the Rings FREE Trial  (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
The Walking Dead (HKLM\...\Steam App 207610) (Version:  - )
TreeSize Free V2.7 (HKLM\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
TweetDeck (HKLM\...\{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}) (Version: 2.7.1 - Twitter, Inc.)
TweetDeck (HKLM\...\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1) (Version: 0.38.1 - TweetDeck Inc)
TweetDeck (Version: 0.38.1 - TweetDeck Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
V CAST Music Manager  (HKLM\...\VCast Music Essentials Manager) (Version:  - Smith Micro Software, Inc.)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.4.9 - Shark007)
Visual Similarity Duplicate Image Finder Corporate 4.2.0.1 (HKLM\...\{72D6BE71-2A6F-4D01-809E-A3174D1738A0}_is1) (Version: 4.2.0.1 - MindGems, Inc.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.75 - VSO Software)
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Winamp (HKLM\...\Winamp) (Version: 5.56  - Nullsoft, Inc)
Windows Live installer (HKLM\...\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wondershare Video Converter Platinum(Build 4.2.0.56) (HKLM\...\Wondershare Video Converter Platinum_is1) (Version:  - Wondershare Software)
World of Goo (HKLM\...\Steam App 22000) (Version:  - 2D Boy)
World of Warcraft FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Restore Points  =========================

10-03-2014 07:08:43 Scheduled Checkpoint
11-03-2014 05:24:56 Scheduled Checkpoint
12-03-2014 04:18:20 Scheduled Checkpoint
13-03-2014 05:34:37 Scheduled Checkpoint
14-03-2014 04:25:38 Scheduled Checkpoint
15-03-2014 05:43:49 Scheduled Checkpoint
16-03-2014 06:29:40 Scheduled Checkpoint
17-03-2014 06:20:51 Scheduled Checkpoint
18-03-2014 04:00:11 Scheduled Checkpoint
18-03-2014 22:48:06 Scheduled Checkpoint
20-03-2014 22:50:54 Scheduled Checkpoint
22-03-2014 04:00:13 Scheduled Checkpoint
23-03-2014 07:34:32 Scheduled Checkpoint
24-03-2014 06:11:05 Scheduled Checkpoint
25-03-2014 05:31:04 Scheduled Checkpoint
26-03-2014 06:47:15 Scheduled Checkpoint
27-03-2014 05:44:33 Scheduled Checkpoint
28-03-2014 04:00:37 Scheduled Checkpoint
29-03-2014 04:05:22 Scheduled Checkpoint
30-03-2014 07:22:28 Scheduled Checkpoint
31-03-2014 07:03:35 Scheduled Checkpoint

==================== Hosts content: ==========================

2011-12-23 12:10 - 2014-04-01 03:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1DA8F56A-D10F-45A0-A817-DFED51036C18} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {23BB7977-572D-439F-B73C-AE0F454F7A93} - System32\Tasks\IntenetServiceOffers => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-03-05] ()
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {7158F103-5BF9-4126-A087-419EEA7B2A20} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2500495333-3787849097-770392458-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {A0F35631-3E19-4353-A891-F99C85C89E19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-26] (Google Inc.)
Task: {A6BC026A-A658-4D48-AF4E-09F1CBD711CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {AE6C55CF-D083-43E0-8E51-6F946C5D4A8A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {B6B372A7-8B4B-49E9-9B0A-EF92072641EE} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-03-05] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E5FD126C-D31F-4960-9EB2-F9AE7F2DAF46} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2500495333-3787849097-770392458-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {EC292EC1-B346-4B0F-AC26-BB3A2AD0ECCF} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {EC4FDCEF-3987-4E22-AB9A-558924A225FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-26] (Google Inc.)
Task: {F27562B4-0E14-44A4-A413-8BD1B8895E94} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {FE99D624-E8D2-45AB-8078-19107ADBA233} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-21] (Google)
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-09-03 13:32 - 2006-09-03 13:32 - 00208896 _____ () C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
2010-08-25 21:19 - 2012-11-16 15:37 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2011-03-24 13:47 - 2014-03-29 22:36 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-01 04:47 - 2014-04-01 04:47 - 00011264 _____ () C:\Users\Daniel\AppData\Local\Temp\nsq8EAB.tmp\System.dll
2014-01-24 16:51 - 2014-01-24 16:51 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\Users\Daniel\Documents\IronDone.dmsd:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daniel\Documents\IronTrailer.dmsd:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daniel\Documents\IronUSE.dmsd:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 03:31:59 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e, exception code 0xc0000005, fault offset 0x0000abf6,
process id 0x1c0c, application start time 0xsvchost.exe0.

Error: (04/01/2014 00:42:29 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module MSHTML.dll, version 9.0.8112.16440, time stamp 0x4eb31d5a, exception code 0xc0000005, fault offset 0x004c3469,
process id 0x1844, application start time 0xsvchost.exe0.

Error: (04/01/2014 11:19:31 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module MSHTML.dll, version 9.0.8112.16440, time stamp 0x4eb31d5a, exception code 0xc0000005, fault offset 0x004c3469,
process id 0x1de4, application start time 0xsvchost.exe0.

Error: (04/01/2014 08:22:31 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e, exception code 0xc0000005, fault offset 0x0000abf6,
process id 0x1238, application start time 0xsvchost.exe0.

Error: (04/01/2014 08:11:20 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e, exception code 0xc0000005, fault offset 0x0000abf6,
process id 0x520, application start time 0xsvchost.exe0.

Error: (04/01/2014 07:14:49 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module MSHTML.dll, version 9.0.8112.16440, time stamp 0x4eb31d5a, exception code 0xc0000005, fault offset 0x004c3469,
process id 0x724, application start time 0xsvchost.exe0.

Error: (04/01/2014 06:01:06 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module MSHTML.dll, version 9.0.8112.16440, time stamp 0x4eb31d5a, exception code 0xc0000005, fault offset 0x004c3469,
process id 0x146c, application start time 0xsvchost.exe0.

Error: (04/01/2014 04:06:35 AM) (Source: Application Error) (User: )
Description: Faulting application rkill.exe, version 2.6.5.0, time stamp 0x52cccd65, faulting module rkill.exe, version 2.6.5.0, time stamp 0x52cccd65, exception code 0xc0000417, fault offset 0x00061025,
process id 0x1aa4, application start time 0xrkill.exe0.

Error: (04/01/2014 02:00:34 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/01/2014 02:00:34 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (04/01/2014 02:46:30 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (04/01/2014 02:46:30 AM) (Source: Service Control Manager) (User: )
Description: Network ProService%%126

Error: (04/01/2014 02:42:21 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (04/01/2014 02:29:20 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (04/01/2014 02:15:40 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (04/01/2014 02:08:54 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (04/01/2014 02:08:12 AM) (Source: Service Control Manager) (User: )
Description: XAudioService1

Error: (04/01/2014 02:07:38 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (04/01/2014 02:07:38 AM) (Source: Service Control Manager) (User: )
Description: Network ProService%%126

Error: (04/01/2014 01:56:52 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-04-01 15:29:27.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 15:29:27.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 15:29:27.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 15:29:26.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:01:36.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\Test4Max\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:01:36.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\Test4Max\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:01:36.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\Test4Max\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:01:35.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\Test4Max\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 00:36:10.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 00:36:10.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 3070.57 MB
Available physical RAM: 1128.63 MB
Total Pagefile: 6374.16 MB
Available Pagefile: 3678.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.43 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:363.79 GB) (Free:47.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:8.82 GB) (Free:1.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (My Book) (Fixed) (Total:232.83 GB) (Free:13 GB) FAT32
Drive m: (My Book) (Fixed) (Total:2794.49 GB) (Free:2228.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 373 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=364 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 233 GB) (Disk ID: 8F9C798A)
Partition 1: (Not Active) - (Size=233 GB) - (Type=0C)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.

==================== End Of Log ============================

 

And the attached (as directed) TDSSKiller log



#4 TB-Psychotic

  • Malware Response Team

Posted 02 April 2014 - 05:57 AM

Please post up C:\ComboFix.txt :rolleyes:


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 MrBlud

  • Topic Starter

Posted 02 April 2014 - 02:41 PM

ComboFix 14-03-24.01 - Daniel 04/01/2014   2:08.5.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3071.2002 [GMT -4:00]
Running from: M:\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Daniel\AppData\Roaming\inst.exe
c:\windows\$NtUninstallKB58476$
c:\windows\system64
c:\windows\system64\atl100.dll
c:\windows\system64\msvcp100.dll
c:\windows\system64\msvcr100.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-01 to 2014-04-01  )))))))))))))))))))))))))))))))
.
.
2071-07-25 14:13 . 2006-11-22 01:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2014-04-01 06:40 . 2014-04-01 07:47 -------- d-----w- c:\users\Daniel\AppData\Local\temp
2014-04-01 06:40 . 2014-04-01 06:40 -------- d-----w- c:\users\Mcx3\AppData\Local\temp
2014-04-01 06:40 . 2014-04-01 06:40 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2014-04-01 06:40 . 2014-04-01 06:40 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2014-04-01 06:40 . 2014-04-01 06:40 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2014-04-01 06:40 . 2014-04-01 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-01 06:40 . 2014-04-01 06:40 -------- d-----w- c:\users\Test\AppData\Local\temp
2014-03-31 20:46 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D8B1AF7-96C5-404B-895D-B11627A01A2D}\mpengine.dll
2014-03-07 04:37 . 2014-04-01 00:41 -------- d-----w- c:\programdata\PMS
2014-03-07 04:36 . 2014-03-07 04:36 -------- d-----w- c:\program files\PS3 Media Server
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-01 04:20 . 2013-11-30 04:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-30 20:46 . 2012-04-03 05:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-30 20:46 . 2011-06-07 21:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-07 04:35 . 2011-12-31 18:06 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-17 21:24 . 2014-01-17 21:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 21:24 . 2014-01-17 21:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6002.18005] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-04-11 . 9DE5E8B3AFCD8D224164A6CAA0B8488E . 552448 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll
[-] 2009-04-11 06:28 . !HASH: COULD NOT OPEN FILE !!!!! . 550400 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[7] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[7] 2009-03-03 . 4DFCBDEF3CCAA98F99038DED78945253 . 551424 . . [6.0.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[7] 2009-03-03 . 7B981222A257D076885BFFB66F19B7CE . 549888 . . [6.0.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[7] 2009-03-03 . B1BB45E24717A7F790B4411C4446EF5E . 550400 . . [6.0.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[7] 2008-01-19 . 33FB1F0193EE2051067441492D56113C . 547328 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[7] 2006-11-02 . B46D8EA6DD30BAA49F674DACDC4C491F . 545792 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-11 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-10-31 296096]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe -m [2008-1-18 947544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
xmlpros REG_MULTI_SZ    XMLProvS
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 11:39 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-11 05:16]
.
2014-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 07:42]
.
2014-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 07:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.allspark.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: mit.edu\ca
Trusted Zone: mit.edu\ca2
Trusted Zone: mit.edu\insidemit-apps
Trusted Zone: mit.edu\vpn
Trusted Zone: mit.edu\web
TCP: DhcpNameServer = 192.168.1.254
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} - hxxp://media.labs.live.com/all/ps/_code_/PhotosynthVista.cab
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r8tj9t3n.default-1390519373249\
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2500495333-3787849097-770392458-1001\Software\SecuROM\License information*]
"datasecu"=hex:ea,ad,6e,87,24,9e,8f,91,f4,ca,67,13,8e,f3,4b,0d,e7,83,ce,c8,c4,
   56,b3,60,70,d2,9f,a6,22,12,c0,ba,e7,e2,c0,58,9c,70,64,db,fa,e7,ee,a5,13,0f,\
"rkeysecu"=hex:b3,32,51,50,b0,2a,dc,96,67,a7,b7,49,be,8c,8e,77
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4360)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
c:\program files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-04-01  03:51:21 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-01 07:51
.
Pre-Run: 37,168,361,472 bytes free
Post-Run: 57,164,562,432 bytes free
.
- - End Of File - - 65D2823155964F34A925F023A7101D60
8913823FF508CCF109DB74B636C301DA



#6 TB-Psychotic

  • Malware Response Team

Posted 03 April 2014 - 04:23 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#7 MrBlud

  • Topic Starter

Posted 04 April 2014 - 02:33 AM

I downloaded CFScript.txt and dragged it into Combofix.exe

Combofix.exe unpacks and backs up the registry but then nothing further happens.

I even tried it in safe mode but nothing happens. No new log is created, nothing.



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:53 AM

Posted 04 April 2014 - 02:41 AM

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:
  • Type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#9 MrBlud

MrBlud
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:12:53 AM

Posted 04 April 2014 - 03:30 AM

Log is attached

Attached Files

  • Attached File  FRST.txt   20.51KB   12 downloads


#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:53 AM

Posted 04 April 2014 - 05:01 AM

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation) <==== ATTENTION
    HKU\Mcx2\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation) <==== ATTENTION
    HKU\Mcx3\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation) <==== ATTENTION
    
    
    2014-04-03 02:37 - 2014-04-03 02:37 - 00000000 ____S () C:\Windows\System32\cjqbcai.rii
    2014-04-02 01:54 - 2014-04-02 01:54 - 00000000 ____S () C:\Windows\System32\nzpcz.oxv
    2014-04-01 00:18 - 2014-04-01 00:18 - 00000000 ____S () C:\Windows\System32\cmaf.uai
    2014-03-31 19:45 - 2014-04-03 23:37 - 00000084 _____ () C:\Windows\System32\fcgd.ljw
    2014-03-31 19:35 - 2014-03-31 19:35 - 00000064 _____ () C:\Windows\System32\hiqj.uzo
    2014-03-31 19:35 - 2014-03-31 19:35 - 00000000 _____ () C:\Windows\System32\zlsdrcb.sqp
    2014-03-31 19:17 - 2014-03-31 19:17 - 00000000 ____S () C:\Windows\System32\ruvdei.dzq
    2014-03-31 19:16 - 2014-03-31 19:16 - 00000000 ____S () C:\Windows\System32\fndjk.aju
    2014-03-31 19:16 - 2014-03-31 19:16 - 00000000 ____S () C:\Windows\System32\alqzu.dyi
    2014-03-31 19:15 - 2014-03-31 19:15 - 00299344 ____S () C:\Windows\System32\hybqlx.dvj
    2014-04-04 00:04 - 2010-05-28 23:39 - 00262144 _____ () C:\Windows\System32\Ikeext.etl
    2014-03-31 20:06 - 2012-05-03 15:01 - 00000000 ____D () C:\Users\Daniel\Local Settings\Application Data\Conduit
    2014-03-31 20:06 - 2012-05-03 15:01 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Conduit
    
    REPLACE: c:\windows\ERDNT\cache\rpcss.dll c:\windows\System32\rpcss.dll
    REPLACE: c:\windows\ERDNT\cache\rpcss.dll  c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
    
    REBOOT:

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


#11 MrBlud

MrBlud
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:12:53 AM

Posted 04 April 2014 - 03:24 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01

Ran by SYSTEM at 2014-04-04 16:06:12 Run:1

Running from F:\

Boot Mode: Recovery

==============================================

Content of fixlist:

*****************

HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation) <==== ATTENTION

HKU\Mcx2\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation) <==== ATTENTION

HKU\Mcx3\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation) <==== ATTENTION

 

2014-04-03 02:37 - 2014-04-03 02:37 - 00000000 ____S () C:\Windows\System32\cjqbcai.rii

2014-04-02 01:54 - 2014-04-02 01:54 - 00000000 ____S () C:\Windows\System32\nzpcz.oxv

2014-04-01 00:18 - 2014-04-01 00:18 - 00000000 ____S () C:\Windows\System32\cmaf.uai

2014-03-31 19:45 - 2014-04-03 23:37 - 00000084 _____ () C:\Windows\System32\fcgd.ljw

2014-03-31 19:35 - 2014-03-31 19:35 - 00000064 _____ () C:\Windows\System32\hiqj.uzo

2014-03-31 19:35 - 2014-03-31 19:35 - 00000000 _____ () C:\Windows\System32\zlsdrcb.sqp

2014-03-31 19:17 - 2014-03-31 19:17 - 00000000 ____S () C:\Windows\System32\ruvdei.dzq

2014-03-31 19:16 - 2014-03-31 19:16 - 00000000 ____S () C:\Windows\System32\fndjk.aju

2014-03-31 19:16 - 2014-03-31 19:16 - 00000000 ____S () C:\Windows\System32\alqzu.dyi

2014-03-31 19:15 - 2014-03-31 19:15 - 00299344 ____S () C:\Windows\System32\hybqlx.dvj

2014-04-04 00:04 - 2010-05-28 23:39 - 00262144 _____ () C:\Windows\System32\Ikeext.etl

2014-03-31 20:06 - 2012-05-03 15:01 - 00000000 ____D () C:\Users\Daniel\Local Settings\Application Data\Conduit

2014-03-31 20:06 - 2012-05-03 15:01 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Conduit

 

REPLACE: c:\windows\ERDNT\cache\rpcss.dll c:\windows\System32\rpcss.dll

REPLACE: c:\windows\ERDNT\cache\rpcss.dll  c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll

REBOOT:

*****************

 

HKU\Mcx1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

HKU\Mcx2\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

HKU\Mcx3\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

C:\Windows\System32\cjqbcai.rii => Moved successfully.

C:\Windows\System32\nzpcz.oxv => Moved successfully.

C:\Windows\System32\cmaf.uai => Moved successfully.

C:\Windows\System32\fcgd.ljw => Moved successfully.

C:\Windows\System32\hiqj.uzo => Moved successfully.

C:\Windows\System32\zlsdrcb.sqp => Moved successfully.

C:\Windows\System32\ruvdei.dzq => Moved successfully.

C:\Windows\System32\fndjk.aju => Moved successfully.

C:\Windows\System32\alqzu.dyi => Moved successfully.

C:\Windows\System32\hybqlx.dvj => Moved successfully.

C:\Windows\System32\Ikeext.etl => Moved successfully.

C:\Users\Daniel\Local Settings\Application Data\Conduit => Moved successfully.

"C:\Users\Daniel\AppData\Local\Conduit" => File/Directory not found.

c:\windows\System32\rpcss.dll => Moved successfully.

c:\windows\ERDNT\cache\rpcss.dll copied successfully to c:\windows\System32\rpcss.dll

c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll => Moved successfully.

c:\windows\ERDNT\cache\rpcss.dll  copied successfully to c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll

REBOOT: => Error: The entry should be fixed outside recovery mode.

 

==== End of Fixlog ====
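
The fixlist in post #10 and the Fixlog in post #11 show the two halves of an FRST fix: listing lines of the form `created - modified - size attrs (company) path` that the helper selected, and result lines of the form `path => status` that FRST writes back. The script below is an added illustration (not FRST's code and not from this thread) that parses both, applies the reading a responder gives such a listing (files created in System32 with unusual extensions, the System attribute set and no company string, plus folders named after the Conduit adware seen in the fixlist), and then reconciles every flagged path against the Fixlog so that an entry with no recorded outcome stands out. The sample listing and Fixlog are excerpts copied from the posts above; `KNOWN_EXTS` and `PUP_MARKERS` are constructed lists for the example.

```python
"""Triage helper for FRST file-listing lines and Fixlog result lines.

Constructed illustration, not part of FRST or of the thread: it encodes the
reading a malware responder gives such a listing (recently created files in
System32 with random names, unusual extensions, no company string, System
attribute set, folders named after known adware) and then checks a Fixlog
excerpt for the outcome recorded against each flagged path.
"""
import re
from dataclasses import dataclass, field

# Listing line: "<created> - <modified> - <size> <attrs> (<company>) <path>"
LISTING_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Fixlog result line: '<path> => <status>' (FRST quotes a path it could not find)
FIXLOG_RE = re.compile(r'^"?(?P<path>[^"]+?)"? => (?P<status>.+)$')

# Extensions normally expected under System32 (constructed, not exhaustive).
KNOWN_EXTS = {"exe", "dll", "sys", "etl", "log", "ini", "dat", "txt", "mui", "cat", "inf"}
# Folder names tied to adware toolbars; Conduit is the one named in this thread's fixlist.
PUP_MARKERS = ("conduit",)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def _triage(e: Entry) -> list:
    """Return the list of reasons an entry deserves a second look (empty = benign-looking)."""
    low = e.path.lower()
    reasons = []
    in_system32 = low.startswith("c:\\windows\\system32\\")
    if in_system32 and "D" not in e.attrs:          # files only, not directories
        name = low.rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        if ext not in KNOWN_EXTS:
            reasons.append("unusual extension in System32")
        if "S" in e.attrs:
            reasons.append("System attribute set")
        # A missing company string is supporting evidence, never a trigger on its own
        if reasons and not e.company:
            reasons.append("no company string")
    if any(marker in low for marker in PUP_MARKERS):
        reasons.append("known adware folder name")
    return reasons


def parse_listing(text: str) -> list:
    """Parse FRST listing lines; headers, blanks and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if not m:
            continue
        e = Entry(m["created"], m["modified"], int(m["size"]),
                  m["attrs"], m["company"], m["path"])
        e.reasons = _triage(e)
        entries.append(e)
    return entries


def parse_fixlog(text: str) -> dict:
    """Map each path (lower-cased) that the Fixlog reports on to its status text."""
    results = {}
    for line in text.splitlines():
        m = FIXLOG_RE.match(line.strip())
        if m:
            results[m["path"].lower()] = m["status"]
    return results


def reconcile(entries: list, results: dict) -> dict:
    """For every flagged entry, the Fixlog status, or 'NO RESULT' if the fix never touched it."""
    return {e.path: results.get(e.path.lower(), "NO RESULT") for e in entries if e.suspicious}


# Excerpt copied from the fixlist in post #10 (the first line is a non-listing line).
SAMPLE_LISTING = r"""
Content of fixlist:
2014-04-03 02:37 - 2014-04-03 02:37 - 00000000 ____S () C:\Windows\System32\cjqbcai.rii
2014-04-02 01:54 - 2014-04-02 01:54 - 00000000 ____S () C:\Windows\System32\nzpcz.oxv
2014-04-01 00:18 - 2014-04-01 00:18 - 00000000 ____S () C:\Windows\System32\cmaf.uai
2014-03-31 19:45 - 2014-04-03 23:37 - 00000084 _____ () C:\Windows\System32\fcgd.ljw
2014-03-31 19:35 - 2014-03-31 19:35 - 00000064 _____ () C:\Windows\System32\hiqj.uzo
2014-03-31 19:35 - 2014-03-31 19:35 - 00000000 _____ () C:\Windows\System32\zlsdrcb.sqp
2014-03-31 19:17 - 2014-03-31 19:17 - 00000000 ____S () C:\Windows\System32\ruvdei.dzq
2014-03-31 19:16 - 2014-03-31 19:16 - 00000000 ____S () C:\Windows\System32\fndjk.aju
2014-03-31 19:16 - 2014-03-31 19:16 - 00000000 ____S () C:\Windows\System32\alqzu.dyi
2014-03-31 19:15 - 2014-03-31 19:15 - 00299344 ____S () C:\Windows\System32\hybqlx.dvj
2014-04-04 00:04 - 2010-05-28 23:39 - 00262144 _____ () C:\Windows\System32\Ikeext.etl
2014-03-31 20:06 - 2012-05-03 15:01 - 00000000 ____D () C:\Users\Daniel\Local Settings\Application Data\Conduit
2014-03-31 20:06 - 2012-05-03 15:01 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Conduit
"""

# Excerpt copied from the Fixlog in post #11.
SAMPLE_FIXLOG = r"""
HKU\Mcx1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Windows\System32\cjqbcai.rii => Moved successfully.
C:\Windows\System32\nzpcz.oxv => Moved successfully.
C:\Windows\System32\cmaf.uai => Moved successfully.
C:\Windows\System32\fcgd.ljw => Moved successfully.
C:\Windows\System32\hiqj.uzo => Moved successfully.
C:\Windows\System32\zlsdrcb.sqp => Moved successfully.
C:\Windows\System32\ruvdei.dzq => Moved successfully.
C:\Windows\System32\fndjk.aju => Moved successfully.
C:\Windows\System32\alqzu.dyi => Moved successfully.
C:\Windows\System32\hybqlx.dvj => Moved successfully.
C:\Windows\System32\Ikeext.etl => Moved successfully.
C:\Users\Daniel\Local Settings\Application Data\Conduit => Moved successfully.
"C:\Users\Daniel\AppData\Local\Conduit" => File/Directory not found.
c:\windows\ERDNT\cache\rpcss.dll copied successfully to c:\windows\System32\rpcss.dll
REBOOT: => Error: The entry should be fixed outside recovery mode.
"""

if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for path, status in reconcile(entries, parse_fixlog(SAMPLE_FIXLOG)).items():
        print(f"{path}\n    -> {status}")
```

Note that `Ikeext.etl` is not flagged by these heuristics (known extension, no System attribute), so the script does not report on it even though the helper chose to move it; the reconciliation is only as good as the triage rules, and the second Conduit folder correctly shows FRST's "File/Directory not found." status because the first move had already taken it away under its other path.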



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:53 AM

Posted 07 April 2014 - 02:43 AM

Please rescan with FRST.



#13 MrBlud

MrBlud
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:12:53 AM

Posted 07 April 2014 - 11:10 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 26 days old and could be outdated)

Ran by Daniel (administrator) on TELETRAN on 08-04-2014 00:00:48

Running from M:\

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(DT Soft Ltd.) C:\Program Files\DAEMON Tools\daemon.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe

(Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

(Smith Micro Software, Inc.) C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Hewlett-Packard Company) C:\hp\kbd\kbd.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

(PS3 Media Server) C:\Program Files\PS3 Media Server\pms.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe

(PS3 Media Server) C:\Program Files\PS3 Media Server\pms.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)

HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)

HKLM\...\Run: [KBD] - C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()

HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)

HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2012-10-31] (RealNetworks, Inc.)

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKU\S-1-5-21-2500495333-3787849097-770392458-1001\...\Run: [DAEMON Tools] - C:\Program Files\DAEMON Tools\daemon.exe [171464 2007-08-29] (DT Soft Ltd.)

HKU\S-1-5-21-2500495333-3787849097-770392458-1001\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-08-11] (Google Inc.)

HKU\S-1-5-21-2500495333-3787849097-770392458-1001\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-21-2500495333-3787849097-770392458-1001\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)

Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEMonitor.lnk

ShortcutTarget: MEMonitor.lnk -> C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (Smith Micro Software, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allspark.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop

SearchScopes: HKLM - DefaultScope {F0F507D0-4249-48BB-AF3D-2EAD5AB9FEEA} URL =

SearchScopes: HKLM - {A688DD39-FE0B-4059-ADDC-9C425D71B075} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM - {A7A8B2ED-6676-4B1D-B3D3-E10CFF17DFF3} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKLM - {B7435E40-57D4-47D0-AB39-8EAF881DD2CD} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7

SearchScopes: HKCU - {A688DD39-FE0B-4059-ADDC-9C425D71B075} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKCU - {A7A8B2ED-6676-4B1D-B3D3-E10CFF17DFF3} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =

SearchScopes: HKCU - {B7435E40-57D4-47D0-AB39-8EAF881DD2CD} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Daniel\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} http://media.labs.live.com/all/ps/_code_/PhotosynthVista.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r8tj9t3n.default-1390519373249

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Daniel\Program Files\DNA\plugins\npbtdna.dll No File

FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Daniel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

FF Extension: Forecastfox - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r8tj9t3n.default-1390519373249\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2014-01-24]

FF Extension: Flash Game Maximizer - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r8tj9t3n.default-1390519373249\Extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi [2014-01-27]

FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r8tj9t3n.default-1390519373249\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext

FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2010-02-10]

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-03]

FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-31]

FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Daniel\Program Files\DNA

 

Chrome:

=======

CHR HomePage: hxxp://www.google.com

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File

CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (E-centives Coupon Activator Netscape Plugin v. 4.0.0.0) - C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File

CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)

CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)

CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)

CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)

CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File

CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Facebook Plugin) - C:\Users\Daniel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-01-03]

CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]

CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-06-07]

CHR Extension: (uTorrentControl2) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2012-06-07]

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-10-31]

CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Daniel\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]

CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Daniel\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]

 

========================== Services (Whitelisted) =================

 

S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation)

R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] ()

S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation)

S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation)

S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-09-01] ()

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)

S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)

S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation)

S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)

S2 XMLProvS; C:\Windows\system32\xmlprw32.dll [X]

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-04-01] (Malwarebytes Corporation)

S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)

S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)

S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42112 2007-10-10] (Motorola Inc)

S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-20] (Motorola)

R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)

R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)

S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-10-21] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-10-21] (Printing Communications Assoc., Inc. (PCAUSA))

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2007-09-06] ()

S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-26] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.)

S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-19] (Microsoft Corporation)

U3 aiyfh3to; C:\Windows\system32\Drivers\aiyfh3to.sys [0 ] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

==================== One Month Created Files and Folders ========

2014-04-04 16:10 - 2014-04-04 16:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2014-04-04 09:48 - 2014-04-04 09:48 - 00000000 ____S () C:\Windows\system32\semexn.whr

2014-04-04 02:30 - 2014-04-03 12:51 - 00000433 _____ () C:\Users\Daniel\CFScript.txt

2014-04-04 02:29 - 2014-04-04 02:29 - 05193944 ____R (Swearware) C:\Users\Daniel\ComboFix.exe

2014-04-04 02:25 - 2014-04-04 02:25 - 00000396 _____ () C:\Users\Daniel\Desktop\ComboFix.exe - Shortcut.lnk

2014-04-04 02:25 - 2014-04-03 12:51 - 00000433 _____ () C:\Users\Daniel\Desktop\CFScript.txt

2014-04-03 12:54 - 2014-04-04 03:20 - 00000000 ___SD () C:\32788R22FWJFW

2014-04-01 15:25 - 2014-04-08 00:00 - 00000000 ____D () C:\FRST

2014-04-01 04:11 - 2014-04-01 04:11 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-04-01 04:05 - 2014-04-04 03:21 - 00001462 _____ () C:\Users\Daniel\Desktop\Rkill.txt

2014-04-01 03:51 - 2014-04-01 03:51 - 00014419 _____ () C:\ComboFix.txt

2014-04-01 01:53 - 2014-04-01 03:51 - 00000000 ____D () C:\Qoobox

2014-04-01 01:53 - 2014-04-01 03:51 - 00000000 ____D () C:\ComboFix

2014-04-01 01:53 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-04-01 01:53 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-04-01 01:53 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-04-01 01:53 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-04-01 01:53 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-04-01 01:53 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe

2014-04-01 01:53 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe

2014-04-01 01:53 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe

2014-03-16 00:12 - 2014-03-16 00:12 - 00275184 _____ () C:\Windows\Minidump\Mini031614-01.dmp

 

==================== One Month Modified Files and Folders =======

 

2014-04-08 00:00 - 2014-04-01 15:25 - 00000000 ____D () C:\FRST

2014-04-07 23:44 - 2009-12-26 03:43 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-07 23:44 - 2009-12-26 03:42 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-07 23:17 - 2007-06-14 18:30 - 01341796 _____ () C:\Windows\WindowsUpdate.log

2014-04-07 22:18 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\tracing

2014-04-07 22:10 - 2006-11-02 08:47 - 00003696 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-07 22:10 - 2006-11-02 08:47 - 00003696 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-07 13:22 - 2009-03-24 15:47 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job

2014-04-07 05:49 - 2014-03-07 00:37 - 00000000 ____D () C:\ProgramData\PMS

2014-04-06 23:32 - 2012-05-03 20:29 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox

2014-04-06 02:27 - 2008-09-19 03:59 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc

2014-04-04 16:16 - 2006-11-02 06:33 - 00694332 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-04 16:12 - 2012-05-03 21:20 - 00000000 ___RD () C:\Users\Daniel\Dropbox

2014-04-04 16:10 - 2014-04-04 16:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2014-04-04 16:10 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-04 15:49 - 2006-11-02 09:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-04-04 09:48 - 2014-04-04 09:48 - 00000000 ____S () C:\Windows\system32\semexn.whr

2014-04-04 03:21 - 2014-04-01 04:05 - 00001462 _____ () C:\Users\Daniel\Desktop\Rkill.txt

2014-04-04 03:20 - 2014-04-03 12:54 - 00000000 ___SD () C:\32788R22FWJFW

2014-04-04 02:30 - 2007-08-11 01:15 - 00000000 ____D () C:\Users\Daniel

2014-04-04 02:29 - 2014-04-04 02:29 - 05193944 ____R (Swearware) C:\Users\Daniel\ComboFix.exe

2014-04-04 02:25 - 2014-04-04 02:25 - 00000396 _____ () C:\Users\Daniel\Desktop\ComboFix.exe - Shortcut.lnk

2014-04-03 12:51 - 2014-04-04 02:30 - 00000433 _____ () C:\Users\Daniel\CFScript.txt

2014-04-03 12:51 - 2014-04-04 02:25 - 00000433 _____ () C:\Users\Daniel\Desktop\CFScript.txt

2014-04-03 01:55 - 2009-03-26 01:11 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DC++

2014-04-03 01:55 - 2009-03-26 01:11 - 00000000 ____D () C:\Users\Daniel\AppData\Local\DC++

2014-04-01 04:11 - 2014-04-01 04:11 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-04-01 03:51 - 2014-04-01 03:51 - 00014419 _____ () C:\ComboFix.txt

2014-04-01 03:51 - 2014-04-01 01:53 - 00000000 ____D () C:\Qoobox

2014-04-01 03:51 - 2014-04-01 01:53 - 00000000 ____D () C:\ComboFix

2014-04-01 03:47 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini

2014-04-01 02:44 - 2007-06-07 00:54 - 00208258 _____ () C:\Windows\PFRO.log

2014-04-01 02:42 - 2011-12-19 03:00 - 00000000 ____D () C:\Windows\ERDNT

2014-04-01 01:47 - 2012-05-03 19:01 - 00000000 ____D () C:\Program Files\uTorrentControl2

2014-04-01 00:20 - 2013-11-30 00:23 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2014-03-31 23:34 - 2012-05-02 13:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-03-31 20:39 - 2007-09-02 22:36 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\uTorrent

2014-03-31 17:52 - 2007-08-11 06:36 - 00028160 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-03-30 16:46 - 2012-04-03 01:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-03-30 16:46 - 2011-06-07 17:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-03-29 22:36 - 2007-08-11 01:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-03-16 00:12 - 2014-03-16 00:12 - 00275184 _____ () C:\Windows\Minidump\Mini031614-01.dmp

2014-03-16 00:12 - 2008-06-15 18:09 - 00000000 ____D () C:\Windows\Minidump

2014-03-16 00:10 - 2008-06-15 18:09 - 255726310 _____ () C:\Windows\MEMORY.DMP

Files to move or delete:

====================

C:\Users\Daniel\ComboFix.exe

 

Some content of TEMP:

====================

C:\Users\Daniel\AppData\Local\temp\jna2035935733296682801.dll

C:\Users\Daniel\AppData\Local\temp\jna4525581853508339493.dll

C:\Users\Daniel\AppData\Local\temp\jna6303751251021877996.dll

C:\Users\Daniel\AppData\Local\temp\jna7066250485720762040.dll

C:\Users\Daniel\AppData\Local\temp\jna8698338268003799220.dll

 

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

LastRegBack: 2014-04-07 16:52

 

==================== End Of Log ============================
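The Services and Drivers sections of that FRST log are where a responder looks first, and the patterns worth a second look are mechanical enough to script: a registration whose image file is gone ("[X]", as with XMLProvS above), a zero-byte driver (aiyfh3to.sys), a file FRST lists with an empty company field (sptd.sys, mediaserver.exe, DQLWinService.exe), and paths written as \??\... or relative to system32. The Python below is an added example, not FRST's code and not anything posted in this thread; it parses lines in FRST's own format and flags those four patterns, listing running entries first so a live problem surfaces before leftovers of earlier cleanup runs. The sample lines are copied from the log above; the flag names and the `triage` function are mine. A flag is a reason to look closer, not a verdict.

```python
"""Triage helper for the "Services" and "Drivers" sections of an FRST log.

Added example for this thread; it is not FRST's code and not something the
poster ran. It parses lines in the shape FRST prints them:

    R2 MBAMScheduler; C:\\...\\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 XMLProvS; C:\\Windows\\system32\\xmlprw32.dll [X]
    U3 aiyfh3to; C:\\Windows\\system32\\Drivers\\aiyfh3to.sys [0 ] (Microsoft Corporation)

The leading letter is the run state FRST reports (R running, S stopped; other
letters are kept as printed), the digit is the Windows Start value (0 boot ...
4 disabled), "[size date]" describes the image on disk, "[X]" means FRST found
no file at that path, and an empty "()" means FRST found no company name in
the file. The flag names below are mine.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d)\s+"   # run-state letter + Start value
    r"(?P<name>[^;]+);\s+"                 # service or driver name (may contain spaces)
    r"(?P<path>.+?)\s+"                    # image path, up to the " [" that opens the size field
    r"\[(?P<meta>[^\]]*)\]"                # "[size date]", "[0 ]" or "[X]"
    r"(?:\s+\((?P<vendor>[^)]*)\))?\s*$"   # optional "(Company name)"
)
DRIVE_ROOTED = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    state: str
    start: int
    name: str
    path: str
    size: Optional[int]     # None when FRST reported "[X]"
    date: Optional[str]
    vendor: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver line; returns None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    missing = meta == ["X"]
    size = int(meta[0]) if not missing and meta and meta[0].isdigit() else None
    date = meta[1] if not missing and len(meta) > 1 else None
    vendor = (m.group("vendor") or "").strip()
    e = Entry(m.group("state"), int(m.group("start")), m.group("name").strip(),
              m.group("path").strip(), size, date, vendor)
    if missing:
        e.flags.append("image file missing")        # dangling registration, or a file hidden from FRST
    elif size == 0:
        e.flags.append("zero-byte image")            # empty stub: often a leftover of an earlier scanner run
    if not missing and not vendor:
        e.flags.append("no company name")            # no company in the version info; check the signer
    if not DRIVE_ROOTED.match(e.path):
        e.flags.append("path not drive-rooted")      # \??\..., \SystemRoot\... or a bare relative path
    return e


def triage(text: str) -> List[Entry]:
    """Return only flagged entries, running ones first, then by name."""
    found = [e for e in map(parse_line, text.splitlines()) if e and e.flags]
    found.sort(key=lambda e: (e.state != "R", e.name.lower()))
    return found


# Lines copied from the log in this thread (not a complete section).
SAMPLE_LOG = r"""
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-09-01] ()
S2 XMLProvS; C:\Windows\system32\xmlprw32.dll [X]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2007-09-06] ()
U3 aiyfh3to; C:\Windows\system32\Drivers\aiyfh3to.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name:<14} {', '.join(e.flags):<40} {e.path}")
```

Feed it a whole FRST.txt and read the top of the output first: anything with state R and a flag is loaded right now, while the S3 entries with "[X]" at the bottom are mostly registrations whose files an earlier tool already removed.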



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:53 AM

Posted 08 April 2014 - 09:00 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#15 MrBlud

MrBlud
  • Topic Starter

  • Members
  • 41 posts
  • Local time:12:53 AM

Posted 09 April 2014 - 02:28 PM

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2014.04.08.09

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Daniel :: TELETRAN [administrator]

4/9/2014 12:43:10 AM

mbam-log-2014-04-09 (00-43-10).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 404301

Time elapsed: 23 minute(s), 40 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\Program Files\uTorrentControl2 (PUP.Optional.uTorrentControl.A) -> Quarantined and deleted successfully.

 

Files Detected: 0

(No malicious items detected)

(end)

 

 

 

ESET Log

 

C:\Documents and Settings\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.26.9.505_0\APISupport\APISupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application

C:\Documents and Settings\Daniel\AppData\LocalLow\uTorrentControl2\hk64tbuTo0.dll Win64/Toolbar.Conduit.B potentially unwanted application

C:\Documents and Settings\Daniel\AppData\LocalLow\uTorrentControl2\hk64tbuTo2.dll Win64/Toolbar.Conduit.B potentially unwanted application

C:\Documents and Settings\Daniel\AppData\LocalLow\uTorrentControl2\hktbuTo0.dll Win32/Toolbar.Conduit.X potentially unwanted application

C:\Documents and Settings\Daniel\AppData\LocalLow\uTorrentControl2\ldrtbuTo0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\Documents and Settings\Daniel\AppData\LocalLow\uTorrentControl2\ldrtbuTo2.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\Documents and Settings\Daniel\AppData\LocalLow\uTorrentControl2\ldrtbuTor.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\Documents and Settings\Daniel\AppData\LocalLow\uTorrentControl2\tbuTo0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application

C:\Documents and Settings\Daniel\AppData\LocalLow\uTorrentControl2\tbuTo1.dll Win32/Toolbar.Conduit.Y potentially unwanted application

C:\Documents and Settings\Daniel\AppData\LocalLow\uTorrentControl2\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\FRST\Quarantine\C\Users\Daniel\Local Settings\Application Data\Conduit\APISupport\APISupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application

C:\FRST\Quarantine\C\Users\Daniel\Local Settings\Application Data\Conduit\APISupport\APISupport.old a variant of Win32/Toolbar.Conduit.Z potentially unwanted application

C:\FRST\Quarantine\C\Users\Daniel\Local Settings\Application Data\Conduit\APISupport\APISupport_2.0.5.9\ApiSupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application

C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD Win32/Patched.IB trojan

C:\Program Files\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application

C:\TDSSKiller_Quarantine\01.04.2014_04.07.31\susp0000\svc0000\tsk0000.dta Win32/Patched.IB trojan

C:\TDSSKiller_Quarantine\01.04.2014_04.07.31\susp0003\svc0000\tsk0000.dta Win32/Patched.IB trojan

C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.26.9.505_0\APISupport\APISupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application

C:\Users\Daniel\AppData\LocalLow\uTorrentControl2\hk64tbuTo0.dll Win64/Toolbar.Conduit.B potentially unwanted application

C:\Users\Daniel\AppData\LocalLow\uTorrentControl2\hk64tbuTo2.dll Win64/Toolbar.Conduit.B potentially unwanted application

C:\Users\Daniel\AppData\LocalLow\uTorrentControl2\hktbuTo0.dll Win32/Toolbar.Conduit.X potentially unwanted application

C:\Users\Daniel\AppData\LocalLow\uTorrentControl2\ldrtbuTo0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\Users\Daniel\AppData\LocalLow\uTorrentControl2\ldrtbuTo2.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\Users\Daniel\AppData\LocalLow\uTorrentControl2\ldrtbuTor.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\Users\Daniel\AppData\LocalLow\uTorrentControl2\tbuTo0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application

C:\Users\Daniel\AppData\LocalLow\uTorrentControl2\tbuTo1.dll Win32/Toolbar.Conduit.Y potentially unwanted application

C:\Users\Daniel\AppData\LocalLow\uTorrentControl2\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys Win32/Sirefef.DA trojan
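That ESET list is longer than the live problem it describes. On Vista, C:\Documents and Settings is a junction to C:\Users, so every hit under the first path is the same file as the matching hit under the second. Several hits sit in C:\FRST\Quarantine and C:\TDSSKiller_Quarantine, which hold files that earlier steps in this thread already pulled out of service (the patched rpcss.dll among them; the FRST check above already reports the live rpcss.dll MD5 as legit). Once those are set aside, the only trojan detection on a live file is the smb.sys copy in winsxs (Win32/Sirefef.DA), alongside the Conduit/uTorrentControl2 PUAs. The Python below is an added example, not ESET's or FRST's code and not something posted in the thread; it parses ESET's "path detection category" lines, collapses duplicates across the junction, separates quarantined from live hits and groups detections by family. The sample is a subset of the lines above; the junction table, the quarantine-directory list and the function names are my assumptions.

```python
"""Triage an ESET Online Scanner result list.

Added example for this thread; not ESET's, FRST's or the poster's code. It
does three things a responder does by eye on a list like the one above:
collapses hits reached through Vista's XP-compatibility junctions (the same
file reported under "C:\\Documents and Settings\\..." and "C:\\Users\\..."),
separates hits that sit inside another tool's quarantine from hits on live
files, and lists the live trojan detections. The junction table and the
quarantine directory list are assumptions; extend them for your own case.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple

KINDS = ("potentially unwanted application", "potentially unsafe application", "trojan")
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"                  # Windows path (may contain spaces)
    r"(?:a variant of\s+)?(?P<sig>\S+/\S+)\s+"       # e.g. Win32/Sirefef.DA
    r"(?P<kind>" + "|".join(re.escape(k) for k in KINDS) + r")$"
)
# (alias, real) pairs, lower-case. Vista/7 keep these junctions so old software
# finds XP-era paths; a scanner that follows them reports one file twice.
JUNCTIONS = [
    ("c:\\documents and settings\\", "c:\\users\\"),
    ("\\local settings\\application data\\", "\\appdata\\local\\"),
]
# Where other cleanup tools park what they already removed (assumed list).
QUARANTINE_DIRS = ("\\frst\\quarantine\\", "\\tdsskiller_quarantine\\", "\\qoobox\\quarantine\\")


class Hit(NamedTuple):
    path: str           # as ESET printed it
    sig: str            # detection name
    kind: str           # one of KINDS
    quarantined: bool   # True if the file sits in another tool's quarantine


def canonical(path: str) -> str:
    """Lower-case the path and map junction aliases onto the real location."""
    p = path.lower()
    for alias, real in JUNCTIONS:
        p = p.replace(alias, real)
    return p


def family(sig: str) -> str:
    """'Win32/Toolbar.Conduit.Z' -> 'Toolbar.Conduit' (platform and variant letter dropped)."""
    return sig.split("/", 1)[1].rsplit(".", 1)[0]


def parse(text: str) -> List[Hit]:
    """Parse ESET result lines, dropping duplicates reached through a junction."""
    seen, hits = set(), []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue
        key = canonical(m["path"])
        if key in seen:
            continue                                  # same file via a junction
        seen.add(key)
        hits.append(Hit(m["path"], m["sig"], m["kind"],
                        any(q in key for q in QUARANTINE_DIRS)))
    return hits


def summarize(hits: List[Hit]) -> Dict[str, object]:
    """Counts of live vs quarantined hits, live trojan paths, and hits per family."""
    return {
        "live": sum(not h.quarantined for h in hits),
        "quarantined": sum(h.quarantined for h in hits),
        "live_trojans": [h.path for h in hits if h.kind == "trojan" and not h.quarantined],
        "by_family": Counter(family(h.sig) for h in hits),
    }


# Subset of the ESET lines posted in this thread.
SAMPLE_ESET_LOG = r"""
C:\Documents and Settings\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.26.9.505_0\APISupport\APISupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
C:\Documents and Settings\Daniel\AppData\LocalLow\uTorrentControl2\tbuTo1.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD Win32/Patched.IB trojan
C:\Program Files\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\TDSSKiller_Quarantine\01.04.2014_04.07.31\susp0000\svc0000\tsk0000.dta Win32/Patched.IB trojan
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.26.9.505_0\APISupport\APISupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
C:\Users\Daniel\AppData\LocalLow\uTorrentControl2\tbuTo1.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys Win32/Sirefef.DA trojan
"""

if __name__ == "__main__":
    hits = parse(SAMPLE_ESET_LOG)
    s = summarize(hits)
    print(f"{s['live']} live, {s['quarantined']} already quarantined")
    for p in s["live_trojans"]:
        print("LIVE TROJAN:", p)
```

The quarantined hits are worth keeping in the output rather than dropping: they tell you which earlier tool still holds a copy of the malicious file, which matters when those quarantine folders are deleted at the end of a cleanup.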





