
Audio Ads pops up after i open my browser and it continues in each tab


  • This topic is locked
22 replies to this topic

#1 gavguinitaran

gavguinitaran

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:57 PM

Posted 14 April 2014 - 04:30 AM

After I open my browser (Chrome) I somewhat "trigger" an audio ad and it loops again and again for every tab I have; I'm guessing it's malware since my gf downloads things most of the time.. I tried Malwarebytes, TDSSKiller, RogueKiller, JRT, HitmanPro x64 and even AdwCleaner to no avail.. the antivirus/malware programs detected some files that needed to be deleted but the ad never stopped.. my computer now sounds like a market place and I'm bewildered by the noise from this malware. I don't have any idea how to cope with this anymore, I need professional help, and a reply from any of the members/moderators would mean so much to me.. please enlighten me and guide me on how to fix this problem. I would cooperate wholeheartedly and do whatever means necessary to confide with the necessary standard procedure(s) in order to fix this problem.

 

Attached are the dds.txt and the screenshot of the "notification" when I try to close a tab (thus the noise/ad stops after it's closed).

Attached Files





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:57 AM

Posted 15 April 2014 - 08:28 AM




Hello gavguinitaran

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
I need to find out some more information about one of the files on the computer

Please run FRST like you did before, but this time I would like you to type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
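The FRST.txt that Gringo asks for lists every Chrome extension with its install location, plus registry entries under HKLM/HKCU ...\Chrome\Extension (the external-extension mechanism that legitimate installers use and that adware bundles routinely abuse), and it tags Chrome policy restrictions with ATTENTION. The following Python script is an added example, not code from this thread or from the FRST tool: it parses those log lines and separates extensions installed normally inside the Chrome profile from ones sideloaded out of ProgramData or Program Files, ones pushed through the registry keys, and policy lines, so a reader can see why a helper zeroes in on those entries. The sample lines are copied from the FRST.txt posted later in this thread; the Finding class, the function names and the "needs review" heuristic are the example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the FRST.txt posted in this thread (a few rows, not the full log).
SAMPLE_LOG = r"""
CHR Extension: (Smooth Gestures) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2013-07-21]
CHR Extension: (Fruit Ninja HD (Samurai Edition)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknldfkjakifbdbednkjoenifmjgbiod [2013-07-26]
CHR Extension: (dealoPPeak) - C:\ProgramData\ahijepdimgalfamadalmpeinbmiilaak [2013-12-23]
CHR HKCU\...\Chrome\Extension: [bnohhjndppjdcmaenfchdpjbnnbmoihc] - C:\Users\USER\AppData\Local\CRE\bnohhjndppjdcmaenfchdpjbnnbmoihc.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-07-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
"""

# "CHR Extension: (Name) - <directory> [YYYY-MM-DD]": an extension Chrome has loaded
EXT_LINE = re.compile(
    r"^CHR Extension: \((?P<name>.*)\) - (?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\]$")
# "CHR HKLM-x32\...\Chrome\Extension: [id] - <crx path> [date]": external-extension registry entry
REG_LINE = re.compile(
    r"^CHR (?P<hive>HK[A-Z]+(?:-x32)?)\\\.\.\.\\Chrome\\Extension: "
    r"\[(?P<id>[a-p]{32})\] - (?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\]$")
ATTENTION_LINE = re.compile(r"^(?P<what>.+?) <======= ATTENTION$")
EXT_ID = re.compile(r"^[a-p]{32}$")                 # Chrome extension ids: 32 chars from a-p
PROFILE_MARKER = "\\google\\chrome\\user data\\"    # normal per-user install location


@dataclass
class Finding:
    kind: str                 # "profile", "sideloaded", "registry" or "policy"
    ext_id: Optional[str]
    name: str                 # extension name, registry hive, or the flagged text
    path: str
    date: str = ""
    notes: List[str] = field(default_factory=list)


def _id_from_path(path: str) -> Optional[str]:
    # A profile extension lives in ...\Extensions\<id>; return that id when the last
    # path component looks like one, else None (registry entries point at .crx files).
    last = path.rstrip("\\").rsplit("\\", 1)[-1]
    return last if EXT_ID.match(last) else None


def parse_chrome_lines(log_text: str) -> List[Finding]:
    """Turn the Chrome-related lines of an FRST.txt into Finding records."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = EXT_LINE.match(line)
        if m:
            path = m.group("path")
            in_profile = PROFILE_MARKER in path.lower()
            f = Finding("profile" if in_profile else "sideloaded",
                        _id_from_path(path), m.group("name"), path, m.group("date"))
            if not in_profile:
                f.notes.append("extension directory is outside the Chrome user profile")
            findings.append(f)
            continue
        m = REG_LINE.match(line)
        if m:
            f = Finding("registry", m.group("id"), m.group("hive"), m.group("path"), m.group("date"))
            f.notes.append("installed via the %s ...\\Chrome\\Extension key" % m.group("hive"))
            findings.append(f)
            continue
        m = ATTENTION_LINE.match(line)
        if m:
            findings.append(Finding("policy", None, m.group("what"), "",
                                    notes=["FRST marked this line ATTENTION"]))
    return findings


def needs_review(findings: List[Finding]) -> List[Finding]:
    """Everything except extensions installed normally inside the profile."""
    return [f for f in findings if f.kind != "profile"]


def report(findings: List[Finding]) -> str:
    """Plain-text summary of the entries a helper would look at first."""
    lines = []
    for f in needs_review(findings):
        lines.append("[%-10s] %s %s %s" % (f.kind, f.ext_id or "-", f.name, f.path))
        for n in f.notes:
            lines.append("             " + n)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_chrome_lines(SAMPLE_LOG)))
```

Run against the constructed sample, the profile-installed Smooth Gestures and Fruit Ninja entries drop out and the six remaining rows are exactly the ones a malware-removal helper would ask about: the extension living in C:\ProgramData, the three registry-pushed .crx files, and the two policy lines. A registry-pushed extension is not proof of adware (the DivX entry is a normal installer), which is why the script reports rather than decides.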

#3 gavguinitaran

gavguinitaran
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:57 PM

Posted 17 April 2014 - 12:21 PM

Thank you for the warm welcome sir Gringo, here are the following logs:

from FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by USER (administrator) on ADMIN on 18-04-2014 01:13:42
Running from C:\Users\USER\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Sandboxie Holdings, LLC) F:\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
() C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Sandboxie Holdings, LLC) F:\Sandboxie\SbieCtrl.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-28] (Logitech Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [USB Antivirus] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [798720 2008-09-23] (Zbshareware Lab)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-01-29] (Advanced Micro Devices, Inc.)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
HKU\S-1-5-21-3317675507-2544114068-4087923622-1000\...\Run: [SandboxieControl] => F:\Sandboxie\SbieCtrl.exe [759496 2014-01-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3317675507-2544114068-4087923622-1000\...\MountPoints2: J - J:\AutoRun.exe
HKU\S-1-5-21-3317675507-2544114068-4087923622-1000\...\MountPoints2: {67c2debb-e8bc-11e2-818d-001e101f4da1} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3317675507-2544114068-4087923622-1000\...\MountPoints2: {8347c7c2-d256-11e2-8372-001e101f8ed0} - J:\AutoRun.exe
HKU\S-1-5-21-3317675507-2544114068-4087923622-1000\...\MountPoints2: {e0e81e57-9fcc-11e3-9072-50465d67d6be} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3317675507-2544114068-4087923622-1000\...\MountPoints2: {e0e81e89-9fcc-11e3-9072-50465d67d6be} - G:\AutoRun.exe
HKU\S-1-5-21-3317675507-2544114068-4087923622-1000\...\MountPoints2: {f6110af9-d019-11e2-9411-50465d67d6be} - G:\AutoRun.exe
HKU\S-1-5-21-3317675507-2544114068-4087923622-1000\...\MountPoints2: {f6110b0f-d019-11e2-9411-50465d67d6be} - G:\AutoRun.exe
IFEO\acad.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\aclauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\acsignapply.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\admigrator.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\adrefman.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\dragon.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\dwgcheckstandards.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\optimizerpro.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\pc3exe.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\plu26.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\styexe.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {F70A4D42-3A4C-4941-963C-426C98CA4F50} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{3139BFDD-2105-4AAD-B8DF-33655866B2AF}: [NameServer]10.198.220.124 202.126.40.5
Tcpip\..\Interfaces\{C1807A6A-9FEC-44F0-B4D1-BB0F2071600C}: [NameServer]10.198.220.124 202.126.40.5
Tcpip\..\Interfaces\{D963E5F9-74B4-4EC8-BC9C-B17BFEEDE450}: [NameServer]208.67.222.222,208.67.220.220
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nhncorp.com/npNHNSetup,version=2.0.0.12 - C:\Windows\Downloaded Program Files\npNHNSetup.dll (NHN Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\USER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Torntv 3 - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-20]
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://google.com/", "https://chrome.google.com/webstore/user/purchases?hl=en", "chrome-extension://lfkgmnnajiljnolcgolmmgnecgldgeld/views/options.html"
CHR DefaultSearchKeyword: google.com.ph
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intelu00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intelu00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2013-07-21]
CHR Extension: (Ancient History Encyclopedia) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle [2013-07-21]
CHR Extension: (Fruit Ninja HD (Samurai Edition)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknldfkjakifbdbednkjoenifmjgbiod [2013-07-26]
CHR Extension: (Turn Off the Lights) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-07-21]
CHR Extension: (Loupe Collage) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaonknplhhecdgjpphnooeomecgipkc [2013-07-21]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-21]
CHR Extension: (Nae-Sarangu003C3) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbnmhjklopcifmkcfadclhmaabjifjio [2013-07-26]
CHR Extension: (Bip the Caveboy (Episode 2)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cocdiblefidhknchklabbojfoebldcig [2013-07-26]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-21]
CHR Extension: (Photoshop 4U) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\damhoidgnfbiidoiajljbdpgnojmemlf [2013-07-21]
CHR Extension: (Bomomo) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln [2013-07-21]
CHR Extension: (Sumo Paint) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2013-07-21]
CHR Extension: (Chinese Tutor Flashcards) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbefchlgcnhjoncjebmkffamidfhae [2013-07-21]
CHR Extension: (Pixlr-o-matic) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2013-07-21]
CHR Extension: (Photovisi - Photo Collage Maker) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\emkkfkcbnpdnhgeolpbggbdogfngiadf [2013-09-08]
CHR Extension: (PicMonkey) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2013-07-26]
CHR Extension: (Full Screen Weather) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2013-07-21]
CHR Extension: (Hacker Vision) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej [2013-07-21]
CHR Extension: (Picadilo) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\geljjpapbfokifgnlnpdbiplebdhlein [2013-07-26]
CHR Extension: (Planetarium) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2013-07-21]
CHR Extension: (Translator by Dictionary.com) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\glacllipodbjfijgkcdifnlhmoddlkon [2013-07-21]
CHR Extension: (Learn Korean Free - KoreanClass101.com) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpllochhpaedhafkgknfalcfibdhmae [2013-07-21]
CHR Extension: (PsedCheckeur) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\halojgaacgpmbinkegkpnlakddgdhpnl [2014-01-31]
CHR Extension: (Pixlr Express) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2013-07-21]
CHR Extension: (Pixlr Editor) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2013-07-21]
CHR Extension: (Virtual Piano) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgghepfgikpioaglccmmkekmlmelcid [2013-07-26]
CHR Extension: (Roomstyler 3D planner) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2013-07-21]
CHR Extension: (uTorrent for Google Chrome) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjhaafelbmbpohgmabippkndaaikgdih [2013-07-21]
CHR Extension: (Instant Retro) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlahmeejnbkdnjnckboeglpfmjbfmopp [2013-07-21]
CHR Extension: (Autodesk Homestyler) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-07-21]
CHR Extension: (SparkChess 7) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2013-07-21]
CHR Extension: (Quick Earth) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh [2013-07-21]
CHR Extension: (Personal Trainer) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke [2013-07-21]
CHR Extension: (Smooth Gestures) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2013-07-21]
CHR Extension: (Sketchpad) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2013-07-21]
CHR Extension: (Dragons of Atlantis) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf [2013-07-21]
CHR Extension: (Collage Magick) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\meefdpodgkhfbhohjhbfdbfobgpgihpg [2013-09-08]
CHR Extension: (Pocket Legends) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2013-07-21]
CHR Extension: (StudyStack) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboldpjijadohjhnkadkdbonjlgbjadd [2013-07-21]
CHR Extension: (Lumosity) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp [2013-07-26]
CHR Extension: (nakshArt) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nokjljgckfgpljgkcfpafigncddfhooj [2013-07-21]
CHR Extension: (My Chrome Theme) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-07-26]
CHR Extension: (Scribble - stickies on steroids) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\offpaifnchmpbnjhjbhpdffahlofdkfb [2013-07-21]
CHR Extension: (Where is the red) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohpblkkbmfceapbolfogbfpkcjdlhonb [2013-07-21]
CHR Extension: (Origami Player) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2013-07-21]
CHR Extension: (Coding the Web) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbinfbikhndabcdlabpcbhggkcdakgfg [2013-07-21]
CHR Extension: (Kitchen King) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgcoehmlllkhjificjjlcpmiiihgbahb [2013-07-21]
CHR Extension: (Simply Recipes) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkkbopifpbfgacfpbemlgpeimkfdnok [2013-07-21]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-21]
CHR Extension: (Writer) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2013-07-21]
CHR Extension: (BodBot - Personal Trainer and Nutritionist) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk [2013-07-21]
CHR Extension: (dealoPPeak) - C:\ProgramData\ahijepdimgalfamadalmpeinbmiilaak [2013-12-23]
CHR HKCU\...\Chrome\Extension: [bnohhjndppjdcmaenfchdpjbnnbmoihc] - C:\Users\USER\AppData\Local\CRE\bnohhjndppjdcmaenfchdpjbnnbmoihc.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Surf Canyon\surfcanyon.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [bnohhjndppjdcmaenfchdpjbnnbmoihc] - C:\Users\USER\AppData\Local\CRE\bnohhjndppjdcmaenfchdpjbnnbmoihc.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [hlcgelbabbnielomhmennbnnmbfjkdhe] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha892\ch\WebexpEnhancedV1alpha892.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [kcpleadnnmjnganenhlffenlgpogbccc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha444\ch\WebexpEnhancedV1alpha444.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-07-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2013-06-08] (Autodesk)
S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-04-14] (SurfRight B.V.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4415624 2012-12-10] (INCA Internet Co., Ltd.)
R2 SbieSvc; F:\Sandboxie\SbieSvc.exe [187592 2014-01-18] (Sandboxie Holdings, LLC)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-10-11] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.)
R3 SbieDrv; F:\Sandboxie\SbieDrv.sys [202600 2014-01-18] (Sandboxie Holdings, LLC)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VHidMinidrv; system32\drivers\VHIDMini.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-18 01:13 - 2014-04-18 01:13 - 00023765 _____ () C:\Users\USER\Desktop\FRST.txt
2014-04-18 01:12 - 2014-04-18 01:13 - 00000000 ____D () C:\FRST
2014-04-18 01:11 - 2014-04-18 01:11 - 02158592 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2014-04-16 00:25 - 2014-04-16 00:25 - 01070496 _____ (Unity Technologies ApS) C:\Users\USER\Downloads\UnityWebPlayer.exe
2014-04-14 17:11 - 2014-04-14 17:11 - 00014523 _____ () C:\Users\USER\Desktop\DDS1.txt
2014-04-14 17:09 - 2014-04-14 17:09 - 00014523 _____ () C:\Users\USER\Desktop\dds.txt
2014-04-14 17:06 - 2014-04-14 17:06 - 00688992 ____R (Swearware) C:\Users\USER\Downloads\dds.com
2014-04-14 16:07 - 2014-04-14 16:07 - 00006199 _____ () C:\Users\USER\Desktop\JRT.txt
2014-04-14 16:03 - 2014-04-14 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 16:02 - 2014-04-14 16:02 - 00000000 ____D () C:\AdwCleaner
2014-04-14 16:01 - 2014-04-14 16:01 - 00276768 _____ () C:\Windows\Minidump\041414-6333-01.dmp
2014-04-14 16:00 - 2014-04-14 16:00 - 00031986 _____ () C:\Windows\system32\.crusader
2014-04-14 15:51 - 2014-04-14 15:51 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-14 15:50 - 2014-04-14 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-14 15:50 - 2014-04-14 15:50 - 01426178 _____ () C:\Users\USER\Downloads\adwcleaner.exe
2014-04-14 15:50 - 2014-04-14 15:50 - 01016261 _____ (Thisisu) C:\Users\USER\Downloads\JRT.exe
2014-04-14 15:50 - 2014-04-14 15:50 - 00002861 _____ () C:\Users\USER\Desktop\RKreport[0]_S_04142014_155005.txt
2014-04-14 15:49 - 2014-04-14 15:50 - 10971424 _____ (SurfRight B.V.) C:\Users\USER\Downloads\HitmanPro_x64.exe
2014-04-14 15:48 - 2014-04-14 15:48 - 00001810 _____ () C:\Users\USER\Desktop\RKreport[0]_D_04142014_154830.txt
2014-04-14 15:47 - 2014-04-14 15:47 - 00002792 _____ () C:\Users\USER\Desktop\RKreport[0]_S_04142014_154759.txt
2014-04-14 15:46 - 2014-04-14 15:46 - 00003156 _____ () C:\Users\USER\Desktop\RKreport[0]_S_04142014_154627.txt
2014-04-14 15:46 - 2014-04-14 15:46 - 00002200 _____ () C:\Users\USER\Desktop\RKreport[0]_D_04142014_154632.txt
2014-04-14 15:44 - 2014-04-14 15:53 - 00000000 ____D () C:\Users\USER\Desktop\RK_Quarantine
2014-04-14 15:43 - 2014-04-14 15:44 - 03972608 _____ () C:\Users\USER\Downloads\RogueKiller.exe
2014-04-14 15:18 - 2014-04-14 16:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 15:17 - 2014-04-14 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 15:17 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 15:17 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 15:17 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 15:15 - 2014-04-14 15:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\USER\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-14 15:10 - 2014-04-14 15:13 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\USER\Downloads\tdsskiller.exe
2014-04-14 15:04 - 2014-04-14 15:04 - 00000000 ____D () C:\Users\USER\Documents\My Cheat Tables
2014-04-04 00:05 - 2014-04-04 00:05 - 00000000 ____D () C:\Users\USER\Documents\Logitech Gaming Software
2014-04-03 21:08 - 2014-04-03 23:27 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-04-03 21:08 - 2014-04-03 23:27 - 00000774 _____ () C:\Windows\LkmdfCoInst.log
2014-04-03 21:08 - 2014-04-03 21:08 - 00000000 ____D () C:\Users\USER\AppData\Local\Logitech
2014-04-03 21:08 - 2014-04-03 21:08 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-04-03 21:08 - 2014-04-03 21:08 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-04-03 21:07 - 2014-04-03 21:07 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Logitech
2014-04-03 21:07 - 2014-04-03 21:07 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Logishrd
2014-04-03 20:55 - 2014-04-03 21:07 - 55906432 _____ (Logitech Inc.) C:\Users\USER\Downloads\LGS_8.52.15_x64_Logitech (1).exe
2014-04-03 20:32 - 2014-04-03 20:51 - 22331299 _____ (Logitech Inc.) C:\Users\USER\Downloads\LGS_8.52.15_x64_Logitech.exe
2014-04-03 20:25 - 2014-04-03 20:26 - 17667013 _____ (Logitech Inc.) C:\Users\USER\Downloads\Unconfirmed 422319.crdownload
 
==================== One Month Modified Files and Folders =======
 
2014-04-18 01:13 - 2014-04-18 01:13 - 00023765 _____ () C:\Users\USER\Desktop\FRST.txt
2014-04-18 01:13 - 2014-04-18 01:12 - 00000000 ____D () C:\FRST
2014-04-18 01:11 - 2014-04-18 01:11 - 02158592 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2014-04-18 00:35 - 2013-07-15 23:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 00:18 - 2009-07-14 12:45 - 00047296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 00:18 - 2009-07-14 12:45 - 00047296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 23:39 - 2013-06-04 14:28 - 01255270 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 22:22 - 2009-07-14 13:13 - 00783334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 22:16 - 2013-07-15 23:19 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 22:16 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 22:16 - 2009-07-14 12:51 - 00160298 _____ () C:\Windows\setupact.log
2014-04-17 15:07 - 2014-03-04 12:40 - 00001842 _____ () C:\Windows\Sandboxie.ini
2014-04-17 02:00 - 2013-07-09 12:57 - 00000000 ____D () C:\Users\USER\AppData\Local\Adobe
2014-04-16 23:36 - 2013-06-23 01:47 - 00000000 ____D () C:\Users\USER\Documents\Thesis
2014-04-16 07:04 - 2013-12-06 21:46 - 00000000 ____D () C:\Users\USER\Documents\Jessica's files
2014-04-16 00:25 - 2014-04-16 00:25 - 01070496 _____ (Unity Technologies ApS) C:\Users\USER\Downloads\UnityWebPlayer.exe
2014-04-16 00:25 - 2014-01-20 02:33 - 00000000 ____D () C:\Users\USER\AppData\Local\Unity
2014-04-15 13:56 - 2010-11-21 11:47 - 00134656 _____ () C:\Windows\PFRO.log
2014-04-14 17:11 - 2014-04-14 17:11 - 00014523 _____ () C:\Users\USER\Desktop\DDS1.txt
2014-04-14 17:09 - 2014-04-14 17:09 - 00014523 _____ () C:\Users\USER\Desktop\dds.txt
2014-04-14 17:06 - 2014-04-14 17:06 - 00688992 ____R (Swearware) C:\Users\USER\Downloads\dds.com
2014-04-14 16:31 - 2014-04-14 15:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 16:27 - 2013-09-05 22:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-04-14 16:27 - 2013-06-08 17:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-14 16:07 - 2014-04-14 16:07 - 00006199 _____ () C:\Users\USER\Desktop\JRT.txt
2014-04-14 16:05 - 2014-04-14 15:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-14 16:03 - 2014-04-14 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 16:02 - 2014-04-14 16:02 - 00000000 ____D () C:\AdwCleaner
2014-04-14 16:01 - 2014-04-14 16:01 - 00276768 _____ () C:\Windows\Minidump\041414-6333-01.dmp
2014-04-14 16:01 - 2013-10-09 19:36 - 643987100 _____ () C:\Windows\MEMORY.DMP
2014-04-14 16:01 - 2013-10-09 19:36 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 16:00 - 2014-04-14 16:00 - 00031986 _____ () C:\Windows\system32\.crusader
2014-04-14 16:00 - 2013-09-05 22:56 - 00000000 ____D () C:\Users\USER\Downloads\vb6
2014-04-14 15:53 - 2014-04-14 15:44 - 00000000 ____D () C:\Users\USER\Desktop\RK_Quarantine
2014-04-14 15:51 - 2014-04-14 15:51 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-14 15:50 - 2014-04-14 15:50 - 01426178 _____ () C:\Users\USER\Downloads\adwcleaner.exe
2014-04-14 15:50 - 2014-04-14 15:50 - 01016261 _____ (Thisisu) C:\Users\USER\Downloads\JRT.exe
2014-04-14 15:50 - 2014-04-14 15:50 - 00002861 _____ () C:\Users\USER\Desktop\RKreport[0]_S_04142014_155005.txt
2014-04-14 15:50 - 2014-04-14 15:49 - 10971424 _____ (SurfRight B.V.) C:\Users\USER\Downloads\HitmanPro_x64.exe
2014-04-14 15:48 - 2014-04-14 15:48 - 00001810 _____ () C:\Users\USER\Desktop\RKreport[0]_D_04142014_154830.txt
2014-04-14 15:47 - 2014-04-14 15:47 - 00002792 _____ () C:\Users\USER\Desktop\RKreport[0]_S_04142014_154759.txt
2014-04-14 15:46 - 2014-04-14 15:46 - 00003156 _____ () C:\Users\USER\Desktop\RKreport[0]_S_04142014_154627.txt
2014-04-14 15:46 - 2014-04-14 15:46 - 00002200 _____ () C:\Users\USER\Desktop\RKreport[0]_D_04142014_154632.txt
2014-04-14 15:44 - 2014-04-14 15:43 - 03972608 _____ () C:\Users\USER\Downloads\RogueKiller.exe
2014-04-14 15:23 - 2014-03-18 21:52 - 00000000 ____D () C:\ProgramData\LuuckyCOupon
2014-04-14 15:23 - 2014-02-14 03:29 - 00000000 ____D () C:\ProgramData\ssaaVuinshouPP
2014-04-14 15:23 - 2014-01-31 04:44 - 00000000 ____D () C:\ProgramData\PsedCheckeur
2014-04-14 15:23 - 2013-12-23 20:32 - 00000000 ____D () C:\ProgramData\dealoPPeak
2014-04-14 15:23 - 2013-12-23 20:32 - 00000000 ____D () C:\ProgramData\ApptoU
2014-04-14 15:23 - 2013-08-01 19:45 - 00000000 ____D () C:\Users\USER\AppData\Local\SwvUpdater
2014-04-14 15:23 - 2013-07-08 02:30 - 00000000 ____D () C:\ProgramData\saaFe sAve
2014-04-14 15:17 - 2014-04-14 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 15:16 - 2014-04-14 15:15 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\USER\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-14 15:13 - 2014-04-14 15:10 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\USER\Downloads\tdsskiller.exe
2014-04-14 15:04 - 2014-04-14 15:04 - 00000000 ____D () C:\Users\USER\Documents\My Cheat Tables
2014-04-04 00:05 - 2014-04-04 00:05 - 00000000 ____D () C:\Users\USER\Documents\Logitech Gaming Software
2014-04-03 23:27 - 2014-04-03 21:08 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-04-03 23:27 - 2014-04-03 21:08 - 00000774 _____ () C:\Windows\LkmdfCoInst.log
2014-04-03 21:08 - 2014-04-03 21:08 - 00000000 ____D () C:\Users\USER\AppData\Local\Logitech
2014-04-03 21:08 - 2014-04-03 21:08 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-04-03 21:08 - 2014-04-03 21:08 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-04-03 21:07 - 2014-04-03 21:07 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Logitech
2014-04-03 21:07 - 2014-04-03 21:07 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Logishrd
2014-04-03 21:07 - 2014-04-03 20:55 - 55906432 _____ (Logitech Inc.) C:\Users\USER\Downloads\LGS_8.52.15_x64_Logitech (1).exe
2014-04-03 20:51 - 2014-04-03 20:32 - 22331299 _____ (Logitech Inc.) C:\Users\USER\Downloads\LGS_8.52.15_x64_Logitech.exe
2014-04-03 20:26 - 2014-04-03 20:25 - 17667013 _____ (Logitech Inc.) C:\Users\USER\Downloads\Unconfirmed 422319.crdownload
2014-04-03 09:51 - 2014-04-14 15:17 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 15:17 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 15:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
Files to move or delete:
====================
C:\Users\USER\mycolors_setup_dell_preload_03-16-2011.exe
 
 
Some content of TEMP:
====================
C:\Users\USER\AppData\Local\Temp\ntdll_dump.dll
C:\Users\USER\AppData\Local\Temp\uninst1.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-06-14 02:07] - [2011-02-25 14:19] - 2388992 ____A (Microsoft Corporation) A9513BCC20BAF7B052599AD9A8C71164
 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-09 04:57
 
==================== End Of Log ============================

from Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014
Ran by USER at 2014-04-18 01:13:52
Running from C:\Users\USER\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30129 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{95C72239-576E-E2B4-2828-4D0AC8AB05BF}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80129.1536 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeblade (HKLM-x32\...\Steam App 207230) (Version:  - CodeBrush Games)
AutoCAD 2008 - English (HKLM\...\AutoCAD 2008 - English) (Version: 17.1.51.0 - Autodesk)
AutoCAD 2008 - English (Version: 17.1.51.0 - Autodesk) Hidden
Autodesk DWF Viewer 7 (HKLM-x32\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J220 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Call of Juarez Gunslinger © Ubisoft version 1 (HKLM-x32\...\Q2FsbG9mSnVhcmV6R3Vuc2xpbmdlcg==_is1) (Version: 1 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0129.1541.28099 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0129.1541.28099 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0129.1541.28099 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0129.1541.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0129.1541.28099 - Advanced Micro Devices, Inc.) Hidden
CollageIt 1.9.3 (HKLM-x32\...\{D9757258-30B2-496E-86F2-84920C5858E1}_is1) (Version: 1.9.3 - PearlMountain Technology Co., Ltd)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 23.4.1.0 - COMODO)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DMC Devi May Cry © Capcom version 1 (HKLM-x32\...\DMC Devi May Cry © Capcom_is1) (Version: 1 - )
DragonSaga (HKLM-x32\...\{21E06FCC-CB87-493D-A4F0-6ECB18A66E2C}_is1) (Version: 0.1.35 - NHN Singapore)
DreamScene Seven version 1.6 (HKLM-x32\...\{2367FAB6-057A-4973-875F-F57F7BBBA363}_is1) (Version: 1.6 - DREAMSCENESEVEN.COM)
Globe Broadband (HKLM-x32\...\Globe Broadband) (Version: 11.300.05.20.158 - Huawei Technologies Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 28.0.1500.72 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
InfiniteCrisis_D6DE87D039E6 (HKLM-x32\...\InfiniteCrisis_D6DE87D039E6) (Version:  - Turbine, Inc)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
K-Lite Codec Pack 9.8.5 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.5 - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.52 (HKLM\...\Logitech Gaming Software) (Version: 8.52.15 - Logitech Inc.)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{62577E41-C350-3D07-97C8-2B6CDB4BAD60}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Need for Speed™ Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
ObjectDock Plus (HKLM-x32\...\ObjectDock Plus) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}) (Version: 8.22.7.0 - Nokia)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Popcap Game Collection (HKLM-x32\...\{69EA986B-B172-4FAA-B54D-853BD3A2B264}) (Version: 1.00.0000 - Popcap)
Prince of Persia The Forgotten Sands™ (HKLM-x32\...\{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}) (Version: 1.0 - Ubisoft)
Prince of Qin (HKLM-x32\...\Prince of Qin_is1) (Version:  - )
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0.2 r2161 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Republic Heroes (HKCU\...\{5612C844-55BC-4B77-82C2-A2E28962418E}) (Version: 1.00.0000 - LucasArts)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Sonic & SEGA All-Stars Racing (HKLM-x32\...\{B1371574-4B13-4D3E-8F47-48C698732B00}) (Version: 1.00.0000 - SEGA)
Stardock MyColors (x32 Version: 2.75.00 - Stardock Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Street Fighter X Tekken (HKLM-x32\...\{43430FA5-AF68-4A2D-A7D4-891000008200}) (Version: 1.0.0.0 - CAPCOM U.S.A., INC)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version:  - GOG.com)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.124 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.124 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.4000.124 - TuneUp Software) Hidden
Two Worlds II (HKLM-x32\...\Two Worlds II) (Version: 1.0.0 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
USB Disk Security 5.1.0.15 (HKLM-x32\...\USB Disk Security_is1) (Version:  - zbshareware, Inc.)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viking - Battle for Asgard (HKLM-x32\...\Viking - Battle for Asgard_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
YTD Video Downloader 4.4 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.4 - GreenTree Applications SRL)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0918ACF9-603E-48CF-B5AB-97896F13BC9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {47BCA681-4E5A-4B44-9E99-49B34A9CAB7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {752A091F-7267-490D-B94B-2F73BDA0F9FE} - System32\Tasks\DivX online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {8073D57E-AE76-474B-B88C-DD351C2558F0} - System32\Tasks\AdobeAAMUpdater-1.0-ADMIN-USER => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {B42740AB-1DA8-4472-8280-BFFA0F8BB176} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-10-11] (TuneUp Software)
Task: {BA187C8D-13B2-492D-91F3-3F463AEAFD3A} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-02-11 00:47 - 2011-02-11 00:47 - 00100656 _____ () C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
2013-10-11 15:26 - 2013-10-11 15:26 - 00753464 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2013-10-30 04:45 - 2013-10-30 04:45 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2013-10-30 04:45 - 2013-10-30 04:45 - 00798392 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-10-30 04:41 - 2013-10-30 04:41 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
2013-10-30 04:41 - 2013-10-30 04:41 - 00058880 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll
2013-10-30 04:41 - 2013-10-30 04:41 - 00025088 _____ () C:\Program Files\Rainmeter\Plugins\QuotePlugin.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-16 00:26 - 2013-07-13 02:48 - 00601552 _____ () C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
2013-07-16 00:26 - 2013-07-13 02:48 - 00123344 _____ () C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
2013-07-16 00:26 - 2013-07-13 02:49 - 04052944 _____ () C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
2013-07-16 00:26 - 2013-07-13 02:49 - 00396240 _____ () C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
2013-07-16 00:26 - 2013-07-13 02:48 - 01597392 _____ () C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
2013-07-16 00:26 - 2013-07-13 02:49 - 13599184 _____ () C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
2013-06-04 14:30 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5
AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/18/2014 01:11:23 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/18/2014 00:05:25 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=9abf5984-9c16-46f2-ad1e-7fe15931a8dd
 
Error: (04/18/2014 00:05:25 AM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0xC004C003
 
Error: (04/17/2014 10:18:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/17/2014 10:17:01 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/17/2014 10:15:55 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/17/2014 07:55:27 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=9abf5984-9c16-46f2-ad1e-7fe15931a8dd
 
Error: (04/17/2014 07:55:27 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0xC004C003
 
Error: (04/17/2014 07:44:39 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/17/2014 05:54:21 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
 
System errors:
=============
Error: (04/17/2014 05:54:33 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (04/17/2014 05:54:32 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (04/17/2014 05:54:32 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (04/17/2014 05:54:31 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (04/17/2014 05:54:31 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (04/15/2014 00:39:54 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (04/14/2014 08:17:05 PM) (Source: LsaSrv) (User: NT AUTHORITY)
Description: An anonymous session connected from ADMIN has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.
 The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.
 This message will be logged at most once a day.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 18%
Total physical RAM: 16335.72 MB
Available physical RAM: 13296.84 MB
Total Pagefile: 32669.64 MB
Available Pagefile: 28959.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (SSD) (Fixed) (Total:238.47 GB) (Free:100.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:1862.92 GB) (Free:1184.81 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:465.73 GB) (Free:14.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C2E9C874)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-198732414976) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: C2E9C80C)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 0004A183)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
And from searching "rpcss.dll":
 
Farbar Recovery Scan Tool (x64) Version: 17-04-2014
Ran by USER at 2014-04-18 01:18:19
Running from C:\Users\USER\Desktop
Boot Mode: Normal
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-21 11:24] - [2010-11-21 11:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Windows\System32\rpcss.dll
[2010-11-21 11:24] - [2010-11-21 11:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
====== End Of Search ======

 


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2014 - 06:18 AM


Hello gavguinitaran

Ok, let's see if we can find a replacement for the infected file.

Run FRST like you did before.

Type the following in the edit box after "Search:".

explorer.exe

It then should look like:

Search: explorer.exe

Click the Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gavguinitaran

  • Topic Starter
  • Members
  • 10 posts

Posted 18 April 2014 - 07:19 AM

Here is the result log for explorer.exe, Sir Gringo:

Farbar Recovery Scan Tool (x64) Version: 17-04-2014
Ran by USER at 2014-04-18 20:18:03
Running from C:\Users\USER\Desktop
Boot Mode: Normal
 
================== Search: "explorer.exe" ===================
 
C:\Windows\explorer.exe
[2013-06-14 02:07] - [2011-02-25 14:19] - 2388992 ____A (Microsoft Corporation) A9513BCC20BAF7B052599AD9A8C71164
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012-02-24 13:43] - [2011-02-26 13:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2012-02-24 13:43] - [2011-02-25 13:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010-11-21 11:24] - [2010-11-21 11:24] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2012-02-24 13:43] - [2011-02-26 14:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012-02-24 13:43] - [2011-02-25 14:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010-11-21 11:24] - [2010-11-21 11:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24
 
C:\Windows\SysWOW64\explorer.exe
[2012-02-24 13:43] - [2011-02-25 13:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E
 
====== End Of Search ======
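As an added example (not code from FRST, from Gringo, or from this thread), here is a Python script that parses the Search.txt format FRST prints in this post and in the earlier rpcss.dll search, and flags a live copy of the file whose MD5 matches none of the copies held in the WinSxS component store, which is the comparison a helper makes by eye before picking a replacement. The replacement-picking rule (same architecture, highest version number in the component folder name) is an assumption of this example, not FRST's logic; the sample inputs are constructed from the hashes posted above.

```python
"""Check a Farbar Recovery Scan Tool (FRST) Search.txt log for a live system
file whose hash matches none of the copies kept in the WinSxS component store.

Added example, not part of FRST or of this thread's logs: it only parses the
text FRST prints. Sample inputs below are constructed from the searches above.
"""
import re

# Constructed sample: a subset of the explorer.exe search posted above.
EXPLORER_SEARCH = r"""
================== Search: "explorer.exe" ===================

C:\Windows\explorer.exe
[2013-06-14 02:07] - [2011-02-25 14:19] - 2388992 ____A (Microsoft Corporation) A9513BCC20BAF7B052599AD9A8C71164

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2012-02-24 13:43] - [2011-02-25 13:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2012-02-24 13:43] - [2011-02-26 14:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010-11-21 11:24] - [2010-11-21 11:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\SysWOW64\explorer.exe
[2012-02-24 13:43] - [2011-02-25 13:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

====== End Of Search ======
"""

# Constructed sample: the rpcss.dll search posted earlier, where both copies agree.
RPCSS_SEARCH = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-21 11:24] - [2010-11-21 11:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-21 11:24] - [2010-11-21 11:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# One FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Dotted file version embedded in a WinSxS component folder name, e.g. _6.1.7601.21669_
VERSION_RE = re.compile(r"_(\d+(?:\.\d+){3})_")


def parse_search(text):
    """Return one dict per file entry: path, created, modified, size, company, md5."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for path, detail in zip(lines, lines[1:]):
        if not PATH_RE.match(path):
            continue
        m = DETAIL_RE.match(detail)
        if not m:
            continue
        entry = m.groupdict()
        entry["path"] = path
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entry["in_winsxs"] = "\\winsxs\\" in path.lower()
        entries.append(entry)
    return entries


def find_outliers(entries):
    """Live (non-WinSxS) copies whose MD5 matches no WinSxS copy of the file."""
    reference = {e["md5"] for e in entries if e["in_winsxs"]}
    return [e for e in entries if not e["in_winsxs"] and e["md5"] not in reference]


def suggest_replacement(entries, outlier):
    """Heuristic (an assumption of this example, not FRST's logic): pick the
    WinSxS copy of the matching architecture with the highest version number.
    A file under SysWOW64 is 32-bit (wow64_ component); anything else is amd64_."""
    arch = "wow64_" if "\\syswow64\\" in outlier["path"].lower() else "amd64_"
    candidates = [e for e in entries if e["in_winsxs"] and ("\\" + arch) in e["path"].lower()]

    def version(e):
        m = VERSION_RE.search(e["path"])
        return tuple(int(x) for x in m.group(1).split(".")) if m else ()

    return max(candidates, key=version)["path"] if candidates else None


def check(text):
    """Return (outlier_path, md5, suggested_replacement) tuples for a Search.txt log."""
    entries = parse_search(text)
    return [(o["path"], o["md5"], suggest_replacement(entries, o)) for o in find_outliers(entries)]


if __name__ == "__main__":
    for name, sample in (("explorer.exe", EXPLORER_SEARCH), ("rpcss.dll", RPCSS_SEARCH)):
        hits = check(sample)
        print(f"{name}: {'clean' if not hits else ''}")
        for path, md5, repl in hits:
            print(f"  {path} (MD5 {md5}) matches no WinSxS copy; candidate: {repl}")
```

An unmatched hash only says the live file differs from every stored component of the same name; it does not by itself prove the file is patched. Before replacing, the verdict still wants a second signal, such as the file's Authenticode signature status or a known-good hash for that exact build, which FRST's own log line for the file also gives via the company name and size columns.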


#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2014 - 07:40 AM

Hello gavguinitaran



I need you to download this script I have made for you --> Attached File: fixlist.txt (484 bytes)

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo

#7 gavguinitaran

  • Topic Starter
  • Members
  • 10 posts

Posted 18 April 2014 - 08:08 AM

After I downloaded the fixlist.txt, I ran the FRST program and clicked Fix; it made me restart the computer via a notification that the system needed to reboot.
Sir Gringo, here is the log for fixlog.txt after the system was rebooted:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014
Ran by USER at 2014-04-18 21:04:36 Run:1
Running from C:\Users\USER\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe C:\Windows\explorer.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
 
*****************
 
C:\Windows\explorer.exe => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe copied successfully to C:\Windows\explorer.exe
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\xz123@ya456.com => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\12x3q@3244516.com => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2014 - 02:39 PM



Hello gavguinitaran

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#9 gavguinitaran

  • Topic Starter
  • Members
  • 10 posts

Posted 19 April 2014 - 05:55 PM

Sir Gringo, here is the log from AdwCleaner after the reboot:
"
# AdwCleaner v3.024 - Report created 19/04/2014 at 10:21:19
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : USER - ADMIN
# Running from : C:\Users\USER\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ApptoU
Folder Deleted : C:\ProgramData\LuuckyCOupon
Folder Deleted : C:\ProgramData\saaFe sAve
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\USERs\USER\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\USERs\USER\AppData\Local\PackageAware
Folder Deleted : C:\USERs\USER\AppData\Local\SwvUpdater
Folder Deleted : C:\USERs\USER\AppData\Local\Temp\apn
Folder Deleted : C:\USERs\USER\AppData\Local\Temp\mt_ffx
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\Software\BetterSurf
Key Deleted : HKLM\Software\PIP
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6202 octets] - [14/04/2014 16:02:25]
AdwCleaner[R1].txt - [2981 octets] - [19/04/2014 10:20:53]
AdwCleaner[S0].txt - [2960 octets] - [19/04/2014 10:21:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3020 octets] ##########
"
 
And from the JRT:
"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Enterprise x64
Ran by USER on Sat 04/19/2014 at 10:27:16.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/19/2014 at 10:28:24.00
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"

The computer is running great; the ads have been removed.
For the time being, I have opened several tabs and the ad notifications and audio ads have been (so far) out of sight.
An overflowing amount of gratitude I owe to you, Sir Gringo! I commend and extend a great deal of thanks for providing me with superb quality service and help; I wish you more power and Godspeed in your line of duty!
Again, thank you, and it would be pleasing to me if I could repay your valiant effort, if it be possible!



#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 April 2014 - 08:18 PM


Hello gavguinitaran

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#11 gavguinitaran

  • Topic Starter
  • Members
  • 10 posts

Posted 20 April 2014 - 11:44 AM

Sir Gringo, here is the log from ComboFix:

"

ComboFix 14-04-20.01 - USER 04/21/2014   0:27.1.8 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.16336.14266 [GMT 8:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\PurpleLog
c:\windows\Downloaded Program Files\PurpleLog\purplelog_20131002.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-20 to 2014-04-20  )))))))))))))))))))))))))))))))
.
.
2014-04-17 17:12 . 2014-04-18 13:04 -------- d-----w- C:\FRST
2014-04-14 08:03 . 2014-04-14 08:03 -------- d-----w- c:\windows\ERUNT
2014-04-14 08:02 . 2014-04-19 02:21 -------- d-----w- C:\AdwCleaner
2014-04-14 07:51 . 2014-04-14 07:51 -------- d-----w- c:\program files\HitmanPro
2014-04-14 07:50 . 2014-04-14 08:05 -------- d-----w- c:\programdata\HitmanPro
2014-04-14 07:18 . 2014-04-14 08:31 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-14 07:17 . 2014-04-14 07:17 -------- d-----w- c:\programdata\Malwarebytes
2014-04-14 07:17 . 2014-04-03 01:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-14 07:17 . 2014-04-03 01:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-14 07:17 . 2014-04-03 01:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-03 13:08 . 2014-04-03 13:08 -------- d-----w- c:\programdata\LogiShrd
2014-04-03 13:08 . 2014-04-03 13:08 -------- d-----w- c:\users\USER\AppData\Local\Logitech
2014-04-03 13:08 . 2014-04-03 15:27 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-04-03 13:08 . 2014-04-03 13:08 -------- d-----w- c:\program files\Logitech Gaming Software
2014-04-03 13:07 . 2014-04-03 13:07 -------- d-----w- c:\users\USER\AppData\Roaming\Logitech
2014-04-03 13:07 . 2014-04-03 13:07 -------- d-----w- c:\users\USER\AppData\Roaming\Logishrd
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 17:32 . 2014-03-05 08:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF2F5B65-D4DA-4CC9-9543-676C4D5086D2}\mpengine.dll
2014-01-27 01:58 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="f:\sandboxie\SbieCtrl.exe" [2014-01-17 759496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"USB Antivirus"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-01-29 642656]
.
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-30 36536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BrStsMon00"=c:\program files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"ControlCenter3"=c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys;c:\windows\SYSNATIVE\DRIVERS\btcomport.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IvtAudioBusSrv;IvtAudioBusSrv;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 IvtComBusSrv;IvtComBusSrv;c:\windows\system32\Drivers\btcombus.sys;c:\windows\SYSNATIVE\Drivers\btcombus.sys [x]
R3 IvtPanBusSrv;IvtPanBusSrv;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-18 13:20 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 15:19]
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-02-27 8294680]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{3139BFDD-2105-4AAD-B8DF-33655866B2AF}: NameServer = 10.198.220.124 202.126.40.5
TCP: Interfaces\{C1807A6A-9FEC-44F0-B4D1-BB0F2071600C}: NameServer = 10.198.220.124 202.126.40.5
TCP: Interfaces\{D963E5F9-74B4-4EC8-BC9C-B17BFEEDE450}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F7614CC-F33A-4877-8814-49856F441F3C} - c:\programdata\{7F2BC0E2-0100-4D40-97C5-06B288973263}\MyColors.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2014-04-21  00:31:27 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-20 16:31
.
Pre-Run: 108,513,177,600 bytes free
Post-Run: 108,348,764,160 bytes free
.
- - End Of File - - 73443B32EF50D14ACA01C627BB9688A0
A36C5E4F47E84449FF07ED3517B43A31
"
There were no problems running the program, and since using AdwCleaner and JRT up to date, the audio ads have been gone.
Though it seems that my internet connection is slowing down; I may be experiencing a slow connection from my service provider.


#12 gringo_pr

Bleepin Gringo, Malware Response Team, Puerto Rico

Posted 20 April 2014 - 03:01 PM


Hello gavguinitaran

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gavguinitaran

Topic Starter, Members

Posted 21 April 2014 - 11:46 AM

Here is the log from ComboFix, sir Gringo:
"ComboFix 14-04-20.01 - USER 04/21/2014   8:56.2.8 - x64

Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.16336.14607 [GMT 8:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
Command switches used :: c:\users\USER\Desktop\CFScript - Copy.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-21 to 2014-04-21  )))))))))))))))))))))))))))))))
.
.
2014-04-21 00:59 . 2014-04-21 00:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-17 17:12 . 2014-04-18 13:04 -------- d-----w- C:\FRST
2014-04-14 08:03 . 2014-04-14 08:03 -------- d-----w- c:\windows\ERUNT
2014-04-14 08:02 . 2014-04-19 02:21 -------- d-----w- C:\AdwCleaner
2014-04-14 07:51 . 2014-04-14 07:51 -------- d-----w- c:\program files\HitmanPro
2014-04-14 07:50 . 2014-04-14 08:05 -------- d-----w- c:\programdata\HitmanPro
2014-04-14 07:18 . 2014-04-14 08:31 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-14 07:17 . 2014-04-14 07:17 -------- d-----w- c:\programdata\Malwarebytes
2014-04-14 07:17 . 2014-04-03 01:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-14 07:17 . 2014-04-03 01:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-14 07:17 . 2014-04-03 01:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-03 13:08 . 2014-04-03 13:08 -------- d-----w- c:\programdata\LogiShrd
2014-04-03 13:08 . 2014-04-03 13:08 -------- d-----w- c:\users\USER\AppData\Local\Logitech
2014-04-03 13:08 . 2014-04-03 15:27 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-04-03 13:08 . 2014-04-03 13:08 -------- d-----w- c:\program files\Logitech Gaming Software
2014-04-03 13:07 . 2014-04-03 13:07 -------- d-----w- c:\users\USER\AppData\Roaming\Logitech
2014-04-03 13:07 . 2014-04-03 13:07 -------- d-----w- c:\users\USER\AppData\Roaming\Logishrd
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 17:32 . 2014-03-05 08:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF2F5B65-D4DA-4CC9-9543-676C4D5086D2}\mpengine.dll
2014-01-27 01:58 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="f:\sandboxie\SbieCtrl.exe" [2014-01-17 759496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"USB Antivirus"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-01-29 642656]
.
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-30 36536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BrStsMon00"=c:\program files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"ControlCenter3"=c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys;c:\windows\SYSNATIVE\DRIVERS\btcomport.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IvtAudioBusSrv;IvtAudioBusSrv;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 IvtComBusSrv;IvtComBusSrv;c:\windows\system32\Drivers\btcombus.sys;c:\windows\SYSNATIVE\Drivers\btcombus.sys [x]
R3 IvtPanBusSrv;IvtPanBusSrv;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-18 13:20 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 15:19]
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-02-27 8294680]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{3139BFDD-2105-4AAD-B8DF-33655866B2AF}: NameServer = 10.198.220.124 202.126.40.5
TCP: Interfaces\{C1807A6A-9FEC-44F0-B4D1-BB0F2071600C}: NameServer = 10.198.220.124 202.126.40.5
TCP: Interfaces\{D963E5F9-74B4-4EC8-BC9C-B17BFEEDE450}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F7614CC-F33A-4877-8814-49856F441F3C} - c:\programdata\{7F2BC0E2-0100-4D40-97C5-06B288973263}\MyColors.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-21  09:00:03
ComboFix-quarantined-files.txt  2014-04-21 01:00
ComboFix2.txt  2014-04-20 16:31
.
Pre-Run: 108,272,545,792 bytes free
Post-Run: 108,212,641,792 bytes free
.
- - End Of File - - F449C3E99EBF9384DF0AB94ABC9FCB19
A36C5E4F47E84449FF07ED3517B43A31
"
 
For some odd reason, I heard an ad playing in the background while I was browsing. I'm not sure if the audio ad came from the site or from my computer. It's a different ad compared to the one I've always heard before.
I was quite shocked that the audio was playing whilst I never opened a video or the like. I didn't download anything since the first day of the repair; I only downloaded the programs you recommended.


#14 gringo_pr

Bleepin Gringo, Malware Response Team, Puerto Rico

Posted 21 April 2014 - 12:38 PM


Hello gavguinitaran

I would like to see a report that ComboFix makes.

Extra ComboFix report
  • Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK
Copy and paste the report into this topic for me to review.

Gringo

#15 gavguinitaran

Topic Starter, Members

Posted 21 April 2014 - 05:50 PM

Here it is sir Gringo:

"µTorrent

Adobe Photoshop CC
Adobe Reader X (10.1.8)
Apple Application Support
Apple Software Update
Archeblade
Autodesk DWF Viewer 7
Brother MFL-Pro Suite MFC-J220
Call of Juarez Gunslinger © Ubisoft version 1
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CollageIt 1.9.3
Comodo Dragon
Crysis®3
Dead Space™ 3
DivX Setup
DMC Devi May Cry © Capcom version 1
DragonSaga
DreamScene Seven version 1.6
Globe Broadband
Google Chrome
Google Update Helper
High-Definition Video Playback 10
InfiniteCrisis_D6DE87D039E6
Intel® Management Engine Components
K-Lite Codec Pack 9.8.5 (Standard)
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 2.0.1.1004
Max Payne 3
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Need for Speed™ Hot Pursuit
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero Burning ROM 10
Nero Control Center 10
Nero Core Components 10
Nero Dolby Files 10
Nero Express 10
Nero Multimedia Suite 10
Nokia Connectivity Cable Driver
NVIDIA PhysX
ObjectDock Plus
PC Connectivity Solution
PDF Settings CC
Popcap Game Collection
Prince of Persia The Forgotten Sands™
Prince of Qin
QuickTime
Rainmeter
Realtek Ethernet Controller Driver
Republic Heroes
RESIDENT EVIL 5
RocketDock 1.3.5
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sonic & SEGA All-Stars Racing
Stardock MyColors
Steam
Street Fighter X Tekken
The Witcher 2 - Assassins of Kings Enhanced Edition
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Two Worlds II
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB Disk Security 5.1.0.15
VBA (2627.01)
VC80CRTRedist - 8.0.50727.6195
Viking - Battle for Asgard
VirtualCloneDrive
"