Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Default browser hijacked, opening new tabs on its own!


  • This topic is locked This topic is locked
14 replies to this topic

#1 Crank4

Crank4

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 30 April 2014 - 12:06 PM

First of all thanks so much for taking some time to look at this problem. Basically whichever browser i have set to default (tried waterfox, IE, and Chrome) it will open to the following website or once the browser is already open it will continually keep opening new tabs to this site every minute or so. There webpage shows blank on my browsers.

 

(http://bidr.trellian.com/r2.php?e=YPEC5m4ENXkTeshL2U8CDR5Ppei5pEbu9JX8Yfr6%2B0dG3oIvAHJHFZBj8MnIy9Nl9MJBIU1XUyZxMU2loRbf3BdoGamx9zLfCotKwkrYu3y8MpaDZSP6ESHIU1DPS37aapQJl8EpFC1byegR%2FGRdFviRUaYOeXSLd%2FsmBU49ENwrC6DoxcvUlJwRzbs%2FUzmkvEZ2XSCLyhDt9W5VBIlL1qYj1a8ej0%2B8J69BOIIDthtuQrPDG%2FEqR5Kz4u6PE5qFukW5FmHtC1SL%2FbWP2zY%2BTlErut%2BvWqeYViFw0ivmGXOxA%2BTRiPihQH6JJs23X45tii4PLduqQJR5lZ6Jm7HIH44y6gfDgaOc7MK2tTVHQNnLKFiL9IQsuEfh%2FkSAPZlK9idh2SZgoh0DgcjtnY0vcTiGp8xO1dW876EUVwszZh50PMvIgL%2BkdRfgwkpQs4sjF%2Bm7p6P%2FroQwoVA9XCq7QkKUziv3drzBkf%2BFmCbP7zd%2Bi75DFdDBfAzvPdBwMz4Hwet4CX2cIJQo6dHB%2FOXhe4qZCAD46t6zPAPswC%2BbwSh%2B3vBrUZZzhM4m4KvcKwHCItvKPVhe65HtZvVK7mR6DIDYRKZFWUAb) or once the browser is already open it will continually keep opening new tabs to this site every minute or so. There webpage shows blank on my browsers.

 

Holy crap for the first time after about a couple weeks of this all of a sudden while typing this post my broswer just opened about 8 tabs at once. First was Searchnet.com and all the rest were salestores.com. It is still doing the bidr.trellian website every minute or so.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Fredin at 12:51:36 on 2014-04-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8119.4627 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\Fredin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Bywifi\bywifi.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Waterfox\waterfox.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Fredin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360111p306p04d5v1h5k4521r32o
uProxyOverride = local
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
BHO: BywifiBHO Class: {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files (x86)\Bywifi\bywifiie.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [222326074CC17C29240A03873AEE5E833F642FE6._service_run] "C:\Users\Fredin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [bywifi] C:\Program Files (x86)\Bywifi\bywifi.exe
uRun: [Google Update] "C:\Users\Fredin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [lxdnmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe"
mRun: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe"
mRun: [BackupSoft] "\RunRedem.exe" /STARTUP
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [bywifi] C:\Program Files (x86)\Bywifi\bywifi.exe
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Fredin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Fredin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Fredin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\sidebar.lnk - C:\Program Files (x86)\Windows Sidebar\sidebar.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOHO~1.LNK - C:\Program Files\AutoHotkey\AutoHotkey.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{62576F06-296F-4656-B373-285F1ACFE0DD} : DHCPNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{62576F06-296F-4656-B373-285F1ACFE0DD}\2696F64736860266275656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A246A9E3-6A3A-44D5-87B5-497110F216AD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BE17C302-B223-44D4-9332-948098A04CAB} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [lxdnmon.exe] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
x64-Run: [lxdnamon] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe"
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: AveVistaBackgroundFolder Class - {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - C:\Users\Fredin\Downloads\Visual 7\AveFolderBGW764Bit\VistaFolderBackground.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-1-30 36448]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-3-27 192792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-3-27 324376]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-3-31 130840]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-3-27 32536]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-3-27 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-4-18 237336]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-3-27 236824]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-3-31 274200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-4-1 34392]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-4-18 3645456]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-3-27 291912]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-2-20 1243024]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-10-10 1021888]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-10 2314240]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-12-1 240160]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-3-30 39464]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-3-30 294952]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-3-30 32296]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-3-30 202792]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-3-30 53800]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-3-30 154792]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-3-30 264232]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-12-1 283824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-12-1 56344]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe [2009-4-28 29184]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-3-30 55336]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2013-1-13 22704]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-24 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-24 119512]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-8 178760]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe [2012-7-7 68760]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkCMini.sys [2011-2-12 1816968]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-11 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-2 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
S4 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2014-04-30 16:22:55    --------    d-----w-    C:\Users\Fredin\AppData\Roaming\DropboxMaster
2014-04-30 07:00:35    --------    d-s---w-    C:\Windows\System32\CompatTel
2014-04-30 02:53:57    465408    ----a-w-    C:\Windows\System32\aepdu.dll
2014-04-30 02:53:57    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-04-29 01:29:23    --------    d-----w-    C:\Users\Fredin\AppData\Roaming\AVG2014
2014-04-29 01:28:21    --------    d--h--w-    C:\$AVG
2014-04-29 01:28:21    --------    d-----w-    C:\ProgramData\AVG2014
2014-04-25 23:56:11    --------    d-----w-    C:\Users\Fredin\AppData\Roaming\SUPERAntiSpyware.com
2014-04-25 23:55:58    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-04-25 23:55:22    --------    d-----w-    C:\Users\Fredin\AppData\Local\MFAData
2014-04-25 23:55:22    --------    d-----w-    C:\Users\Fredin\AppData\Local\Avg2014
2014-04-25 23:55:22    --------    d-----w-    C:\ProgramData\MFAData
2014-04-25 20:24:36    10651704    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-04-25 20:24:33    10651704    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C6819250-8D9C-4905-B097-9572ED739016}\mpengine.dll
2014-04-25 03:13:50    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2014-04-25 03:00:17    --------    d-sh--w-    C:\Users\Fredin\AppData\Local\EmieUserList
2014-04-25 03:00:17    --------    d-sh--w-    C:\Users\Fredin\AppData\Local\EmieSiteList
2014-04-25 02:42:03    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-25 02:36:18    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-04-25 02:36:15    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 02:31:38    423240    ----a-w-    C:\Windows\System32\drivers\imhakecw.sys
2014-04-25 02:31:38    --------    d-----w-    C:\ProgramData\AVAST Software
2014-04-24 05:39:58    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-04-24 05:39:13    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-04-24 05:37:28    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-24 05:18:31    --------    d-----w-    C:\SUPERDelete
2014-04-18 19:01:30    237336    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2014-04-10 07:20:06    589107    ----a-w-    C:\ProgramData\SPL9FB7.tmp
2014-04-08 01:19:19    --------    d-----w-    C:\Users\Fredin\AppData\Local\ESCORT_Inc
2014-04-08 00:54:44    2152176    ----a-w-    C:\Windows\System32\WUDFUpdate_01009.dll
2014-04-08 00:54:44    1002728    ----a-w-    C:\Windows\System32\WinUSBCoInstaller2.dll
2014-04-08 00:54:44    --------    d-----w-    C:\ESCORT
2014-04-03 11:42:03    589107    ----a-w-    C:\ProgramData\SPL6189.tmp
2014-03-31 20:20:54    274200    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-03-31 20:06:26    130840    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
.
==================== Find3M  ====================
.
2014-04-28 20:05:11    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-28 20:05:11    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-28 02:14:26    192792    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2014-03-28 02:14:24    153368    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2014-03-28 02:07:10    236824    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2014-03-28 02:05:02    324376    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2014-03-28 02:03:16    32536    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2014-03-06 09:32:16    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-02-16 03:58:13    816809    ----a-w-    C:\ProgramData\SPL60F.tmp
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:35:56    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:28:36    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
.
============= FINISH: 12:51:50.30 ===============

Attached File  attach.txt   20.34KB   3 downloads

 

 

 

 

 

 



BC AdBot (Login to Remove)

 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:21 AM

Posted 02 May 2014 - 03:51 PM

Hi Crank4 and welcome to BC.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.


Step 1
Please uninstall the following program:
Bywifi
 

Adware - Changes the start page without your consent. Known to cause pop-up advertisements



Step 2
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.

    frsticon_zpsdc3cbdc3.png
  • When the tool opens click Yes to disclaimer.

    frstdis_zps7f598f12.png
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

    frst_zps6548371f.png
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
Please post both FRST reports with your next reply.

Thanks

BBPP6nz.png


#3 Crank4

Crank4
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 02 May 2014 - 09:13 PM

Okay I uninstalled bywifi. (have been using it for well over a year but will play it safe).

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Fredin (administrator) on FREDINPOD-GAIA on 02-05-2014 22:10:21
Running from C:\Users\Fredin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Google Inc.) C:\Users\Fredin\AppData\Local\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Dropbox, Inc.) C:\Users\Fredin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Mozilla Corporation) C:\Program Files\Waterfox\waterfox.exe
(Google Inc.) C:\Users\Fredin\AppData\Local\Google\Update\GoogleUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2009-08-31] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [107176 2009-08-31] (Lexmark International Inc.)
HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2009-08-31] ()
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [558168 2010-04-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [349272 2010-04-01] (Atheros Communications)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Gateway Photo Frame] => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [lxdnmon.exe] => C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2009-08-31] ()
HKLM-x32\...\Run: [EzPrint] => C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe [107176 2009-08-31] (Lexmark International Inc.)
HKLM-x32\...\Run: [BackupSoft] => "\RunRedem.exe" /STARTUP
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7203712 2013-02-11] (Binary Fortress Software)
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Run: [222326074CC17C29240A03873AEE5E833F642FE6._service_run] => C:\Users\Fredin\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Run: [Google Update] => C:\Users\Fredin\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-16] (Google Inc.)
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-08-25] (AMD)
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\MountPoints2: K - K:\Design_Data.exe
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\MountPoints2: {d14498ac-4a31-11e1-ba12-90fba64b6cae} - E:\Launcher.exe
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\MountPoints2: {e467623b-d403-11e0-8ac7-90fba64b6cae} - E:\Launcher.exe
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Winlogon: [Shell] EXPLORER.EXE [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey.lnk
ShortcutTarget: AutoHotkey.lnk -> C:\Program Files\AutoHotkey\AutoHotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Fredin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Fredin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Fredin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk
ShortcutTarget: sidebar.lnk -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360111p306p04d5v1h5k4521r32o
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x058A9C7D3260CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS417US417
SearchScopes: HKCU - {EA326098-B2F7-4C49-8D84-2DFC88A6F284} URL = http://search.avg.com/route/?d=4daa1b38&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Keyword.URL: hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF NetworkProxy: "autoconfig_url", "http://localhost:9000/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Fredin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Fredin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Разпознаване на устройство Logitech - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\DeviceDetection@logitech.com [2011-10-04]
FF Extension: Youtube MP3 Podcaster - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2013-09-17]
FF Extension: Default Full Zoom Level - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-02-16]
FF Extension: Tab Badge - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\badge@darktrojan.net.xpi [2012-03-13]
FF Extension: No Name - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\cam@sdrocking.com.xpi [2012-03-19]
FF Extension: Shareaholic - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\firefox-extension@shareaholic.com.xpi [2012-02-04]
FF Extension: Greasefire - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\greasefire@skrul.com.xpi [2012-03-20]
FF Extension: Send Mail in Browser - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\mailinbrowser@permurl.com.xpi [2012-03-19]
FF Extension: SmartVideo For YouTube - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\mytube@ashishmishra.in.xpi [2013-10-14]
FF Extension: Quick Search Bar - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\quicksearch@peter.faj.xpi [2012-03-13]
FF Extension: FastestFox - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\smarterwiki@wikiatic.com.xpi [2011-11-30]
FF Extension: Thumbnail Zoom Plus - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-09-13]
FF Extension: SwiftTabs - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{5F4EC95A-FFA8-11DE-898C-667D55D89593}.xpi [2012-03-20]
FF Extension: Speed Dial - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-07-04]
FF Extension: YouTube High Definition - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2013-10-14]
FF Extension: Preloader (for Firefox) - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{8a8c1ada-2504-45c6-a2d2-265591abbd00}.xpi [2012-03-19]
FF Extension: Fasterfox - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2012-03-19]
FF Extension: Adblock Plus - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: Download Statusbar - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-04-30]
FF Extension: Tab Mix Plus - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: Greasemonkey - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-10]
FF Extension: Personas Shuffler - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{f18ce681-59c6-4a25-8ecb-e3e0fd7fbb44}.xpi [2012-03-19]
FF Extension: Theme Font &amp; Size Changer - C:\Users\Fredin\AppData\Roaming\Mozilla\Firefox\Profiles\wz1imis7.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2014-02-16]
FF HKCU\...\Firefox\Extensions: [{A25960B9-026A-11E2-8271-B8AC6F996F26}] - C:\Users\Fredin\AppData\Local\{A25960B9-026A-11E2-8271-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Fredin\AppData\Local\{A25960B9-026A-11E2-8271-B8AC6F996F26}\ []
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR RestoreOnStartup: "translate_accepted_count"
CHR Plugin: (Shockwave Flash) - C:\Users\Fredin\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Fredin\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Fredin\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Fredin\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.6) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Fredin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR HKLM-x32\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Users\Fredin\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ [2012-09-19]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1243024 2013-02-11] (Binary Fortress Software)
S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
S4 lxdn_device; C:\Windows\system32\lxdncoms.exe [1044648 2009-08-13] ( )
S4 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [594600 2009-08-13] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe [68760 2009-06-13] (SiSoftware)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1021888 2012-10-10] (Enigma Software Group USA, LLC.)
S4 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-01-30] (Asmedia Technology)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-02 22:10 - 2014-05-02 22:10 - 00030880 _____ () C:\Users\Fredin\Downloads\FRST.txt
2014-05-02 22:09 - 2014-05-02 22:10 - 00000000 ____D () C:\FRST
2014-05-02 22:09 - 2014-05-02 22:09 - 02062336 _____ (Farbar) C:\Users\Fredin\Downloads\FRST64.exe
2014-04-30 16:44 - 2014-04-30 16:44 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-30 16:44 - 2014-04-30 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-30 16:44 - 2014-04-30 16:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-30 16:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-30 16:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-30 16:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-30 16:43 - 2014-04-30 16:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Fredin\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-30 12:51 - 2014-04-30 12:53 - 00026019 _____ () C:\Users\Fredin\Desktop\dds.txt
2014-04-30 12:51 - 2014-04-30 12:53 - 00020830 _____ () C:\Users\Fredin\Desktop\attach.txt
2014-04-30 12:48 - 2014-04-30 12:48 - 00688992 ____R (Swearware) C:\Users\Fredin\Desktop\dds.com
2014-04-30 12:22 - 2014-04-30 12:22 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-04-30 12:22 - 2014-04-30 12:22 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\DropboxMaster
2014-04-30 12:21 - 2014-05-02 22:05 - 00000728 _____ () C:\Windows\setupact.log
2014-04-30 12:21 - 2014-04-30 12:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-30 12:20 - 2014-04-30 12:20 - 00001264 _____ () C:\Users\Fredin\Documents\cc_20140430_122007.reg
2014-04-30 12:20 - 2014-04-30 12:20 - 00000180 _____ () C:\Users\Fredin\Documents\cc_20140430_122022.reg
2014-04-30 12:19 - 2014-04-30 12:19 - 00065180 _____ () C:\Users\Fredin\Documents\cc_20140430_121944.reg
2014-04-30 03:00 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 22:53 - 2014-04-13 22:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-29 22:53 - 2014-04-13 22:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-28 21:29 - 2014-04-28 21:29 - 00000932 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-28 21:29 - 2014-04-28 21:29 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\AVG2014
2014-04-28 21:29 - 2014-04-28 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-28 21:28 - 2014-04-28 21:29 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-28 21:28 - 2014-04-28 21:28 - 00000000 ___HD () C:\$AVG
2014-04-28 20:19 - 2014-04-28 20:19 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-04-27 19:37 - 2014-04-27 19:37 - 37105694 _____ () C:\Users\Fredin\AppData\Local\census.cache
2014-04-27 19:34 - 2014-04-27 19:34 - 00195330 _____ () C:\Users\Fredin\AppData\Local\ars.cache
2014-04-25 21:32 - 2014-04-25 21:32 - 00000010 _____ () C:\Users\Fredin\AppData\Local\sponge.last.runtime.cache
2014-04-25 21:29 - 2014-04-25 21:29 - 00000036 _____ () C:\Users\Fredin\AppData\Local\housecall.guid.cache
2014-04-25 19:56 - 2014-04-25 19:56 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\SUPERAntiSpyware.com
2014-04-25 19:55 - 2014-05-02 22:09 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-25 19:55 - 2014-04-28 21:29 - 00000000 ____D () C:\Users\Fredin\AppData\Local\Avg2014
2014-04-25 19:55 - 2014-04-25 19:55 - 00000000 ____D () C:\Users\Fredin\AppData\Local\MFAData
2014-04-25 19:55 - 2014-04-25 19:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-25 19:55 - 2014-04-25 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-04-25 19:52 - 2014-04-25 19:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-24 23:32 - 2014-05-02 22:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 23:32 - 2014-04-28 16:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-24 23:13 - 2014-04-24 23:13 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-04-24 23:00 - 2014-04-24 23:00 - 00000000 __SHD () C:\Users\Fredin\AppData\Local\EmieUserList
2014-04-24 23:00 - 2014-04-24 23:00 - 00000000 __SHD () C:\Users\Fredin\AppData\Local\EmieSiteList
2014-04-24 22:42 - 2014-05-02 22:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 22:36 - 2014-04-25 19:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-24 22:36 - 2014-04-25 19:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-24 22:36 - 2014-04-24 22:36 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-24 22:36 - 2014-04-24 22:36 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-24 22:36 - 2014-04-24 22:36 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-24 22:31 - 2014-04-24 22:31 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\imhakecw.sys
2014-04-24 22:31 - 2014-04-24 22:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-24 03:00 - 2014-03-06 06:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-24 03:00 - 2014-03-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-24 03:00 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-24 03:00 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-24 03:00 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-24 03:00 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-24 03:00 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-24 03:00 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-24 03:00 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-24 03:00 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-24 03:00 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-24 03:00 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-24 03:00 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-24 03:00 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-24 03:00 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-24 03:00 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-24 03:00 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-24 03:00 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-24 03:00 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-24 03:00 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-24 03:00 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-24 03:00 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-24 03:00 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-24 03:00 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-24 03:00 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-24 03:00 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-24 03:00 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-24 03:00 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-24 03:00 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-24 03:00 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-24 03:00 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-24 03:00 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-24 03:00 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-24 03:00 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-24 03:00 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-24 03:00 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-24 03:00 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-24 03:00 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-24 03:00 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-24 03:00 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-24 03:00 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-24 03:00 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-24 03:00 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-24 03:00 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-24 03:00 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-24 03:00 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-24 03:00 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-24 03:00 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-24 01:39 - 2014-04-24 01:39 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-24 01:39 - 2014-04-24 01:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-24 01:39 - 2014-04-24 01:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-24 01:39 - 2014-04-24 01:39 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-24 01:39 - 2014-04-24 01:39 - 00000000 ____D () C:\Program Files\Java
2014-04-24 01:39 - 2014-03-31 09:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-04-24 01:37 - 2014-04-24 01:37 - 00004100 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-24 01:37 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-24 01:37 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-24 01:37 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-24 01:37 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-24 01:18 - 2014-04-24 01:18 - 00000000 ____D () C:\SUPERDelete
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-10 03:20 - 2014-04-10 03:20 - 00589107 _____ () C:\ProgramData\SPL9FB7.tmp
2014-04-09 08:07 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:07 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 08:07 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 08:07 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 08:07 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 08:07 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 08:07 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 08:07 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 08:07 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 08:07 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 08:07 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 08:07 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 08:07 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 08:07 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 08:07 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 08:07 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 08:07 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 21:19 - 2014-04-11 01:49 - 00000000 ____D () C:\Users\Fredin\AppData\Local\ESCORT_Inc
2014-04-07 20:55 - 2014-04-11 01:49 - 00000000 ____D () C:\Program Files\DIFX
2014-04-07 20:55 - 2014-04-07 20:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-04-07 20:54 - 2014-04-11 01:57 - 00000000 ____D () C:\ESCORT
2014-04-07 20:54 - 2014-04-07 20:54 - 02152176 _____ (Microsoft Corporation) C:\Windows\system32\WUDFUpdate_01009.dll
2014-04-07 20:54 - 2014-04-07 20:54 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-04-03 07:42 - 2014-04-03 07:42 - 00589107 _____ () C:\ProgramData\SPL6189.tmp

==================== One Month Modified Files and Folders =======

2014-05-02 22:10 - 2014-05-02 22:10 - 00030880 _____ () C:\Users\Fredin\Downloads\FRST.txt
2014-05-02 22:10 - 2014-05-02 22:09 - 00000000 ____D () C:\FRST
2014-05-02 22:09 - 2014-05-02 22:09 - 02062336 _____ (Farbar) C:\Users\Fredin\Downloads\FRST64.exe
2014-05-02 22:09 - 2014-04-25 19:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-02 22:09 - 2012-03-13 02:01 - 00000000 ____D () C:\Program Files (x86)\Bywifi
2014-05-02 22:07 - 2012-12-22 13:56 - 01945006 _____ () C:\Windows\WindowsUpdate.log
2014-05-02 22:06 - 2014-04-24 22:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 22:06 - 2013-09-02 17:54 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2936265059-4004976660-1058849456-1000UA.job
2014-05-02 22:06 - 2012-11-14 15:26 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\Dropbox
2014-05-02 22:06 - 2011-10-20 01:29 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\Skype
2014-05-02 22:05 - 2014-04-30 12:21 - 00000728 _____ () C:\Windows\setupact.log
2014-05-02 22:05 - 2014-04-24 23:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-02 22:05 - 2013-09-02 17:54 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2936265059-4004976660-1058849456-1000Core.job
2014-04-30 22:05 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-30 22:05 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 16:44 - 2014-04-30 16:44 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-30 16:44 - 2014-04-30 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-30 16:44 - 2014-04-30 16:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-30 16:43 - 2014-04-30 16:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Fredin\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-30 12:53 - 2014-04-30 12:51 - 00026019 _____ () C:\Users\Fredin\Desktop\dds.txt
2014-04-30 12:53 - 2014-04-30 12:51 - 00020830 _____ () C:\Users\Fredin\Desktop\attach.txt
2014-04-30 12:48 - 2014-04-30 12:48 - 00688992 ____R (Swearware) C:\Users\Fredin\Desktop\dds.com
2014-04-30 12:28 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-30 12:22 - 2014-04-30 12:22 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-04-30 12:22 - 2014-04-30 12:22 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\DropboxMaster
2014-04-30 12:22 - 2012-11-14 15:27 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-30 12:22 - 2011-01-31 19:20 - 00000000 ___RD () C:\Users\Fredin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-30 12:22 - 2010-03-10 15:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-30 12:22 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-30 12:22 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-30 12:21 - 2014-04-30 12:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-30 12:20 - 2014-04-30 12:20 - 00001264 _____ () C:\Users\Fredin\Documents\cc_20140430_122007.reg
2014-04-30 12:20 - 2014-04-30 12:20 - 00000180 _____ () C:\Users\Fredin\Documents\cc_20140430_122022.reg
2014-04-30 12:19 - 2014-04-30 12:19 - 00065180 _____ () C:\Users\Fredin\Documents\cc_20140430_121944.reg
2014-04-30 12:19 - 2012-08-13 14:55 - 00000000 ____D () C:\Users\Fredin\AppData\Local\CrashDumps
2014-04-30 12:19 - 2011-06-27 01:06 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\Media Player Classic
2014-04-30 03:00 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-28 21:34 - 2009-12-01 04:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-28 21:33 - 2009-12-01 04:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-04-28 21:29 - 2014-04-28 21:29 - 00000932 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-28 21:29 - 2014-04-28 21:29 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\AVG2014
2014-04-28 21:29 - 2014-04-28 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-28 21:29 - 2014-04-28 21:28 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-28 21:29 - 2014-04-25 19:55 - 00000000 ____D () C:\Users\Fredin\AppData\Local\Avg2014
2014-04-28 21:28 - 2014-04-28 21:28 - 00000000 ___HD () C:\$AVG
2014-04-28 21:28 - 2011-01-31 19:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-28 20:24 - 2013-01-02 23:35 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\vlc
2014-04-28 20:19 - 2014-04-28 20:19 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-04-28 16:05 - 2014-04-24 23:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 16:05 - 2014-02-17 00:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 16:05 - 2014-02-17 00:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 19:37 - 2014-04-27 19:37 - 37105694 _____ () C:\Users\Fredin\AppData\Local\census.cache
2014-04-27 19:34 - 2014-04-27 19:34 - 00195330 _____ () C:\Users\Fredin\AppData\Local\ars.cache
2014-04-25 21:32 - 2014-04-25 21:32 - 00000010 _____ () C:\Users\Fredin\AppData\Local\sponge.last.runtime.cache
2014-04-25 21:29 - 2014-04-25 21:29 - 00000036 _____ () C:\Users\Fredin\AppData\Local\housecall.guid.cache
2014-04-25 19:56 - 2014-04-25 19:56 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\SUPERAntiSpyware.com
2014-04-25 19:56 - 2011-11-16 04:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-25 19:55 - 2014-04-25 19:55 - 00000000 ____D () C:\Users\Fredin\AppData\Local\MFAData
2014-04-25 19:55 - 2014-04-25 19:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-25 19:55 - 2014-04-25 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-04-25 19:54 - 2014-04-24 22:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 19:52 - 2014-04-25 19:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-25 19:52 - 2014-04-24 22:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-25 19:52 - 2011-06-29 00:01 - 00000274 _____ () C:\Windows\wininit.ini
2014-04-24 23:35 - 2013-01-13 20:15 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-04-24 23:35 - 2013-01-13 20:12 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-04-24 23:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-04-24 23:32 - 2011-02-03 17:53 - 00000000 ____D () C:\Users\Fredin\AppData\Local\Adobe
2014-04-24 23:17 - 2013-02-05 23:27 - 00005000 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for FREDINPOD-GAIA-Fredin FredinPOD-Gaia
2014-04-24 23:13 - 2014-04-24 23:13 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-04-24 23:00 - 2014-04-24 23:00 - 00000000 __SHD () C:\Users\Fredin\AppData\Local\EmieUserList
2014-04-24 23:00 - 2014-04-24 23:00 - 00000000 __SHD () C:\Users\Fredin\AppData\Local\EmieSiteList
2014-04-24 22:41 - 2011-07-20 12:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 22:36 - 2014-04-24 22:36 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-24 22:36 - 2014-04-24 22:36 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-24 22:36 - 2014-04-24 22:36 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-24 22:31 - 2014-04-24 22:31 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\imhakecw.sys
2014-04-24 22:31 - 2014-04-24 22:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-24 22:22 - 2011-02-03 19:03 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\uTorrent
2014-04-24 03:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-24 03:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-24 01:39 - 2014-04-24 01:39 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-24 01:39 - 2014-04-24 01:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-24 01:39 - 2014-04-24 01:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-24 01:39 - 2014-04-24 01:39 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-24 01:39 - 2014-04-24 01:39 - 00000000 ____D () C:\Program Files\Java
2014-04-24 01:37 - 2014-04-24 01:37 - 00004100 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-24 01:37 - 2014-02-17 01:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-24 01:37 - 2014-02-17 01:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-24 01:25 - 2013-02-05 23:23 - 00000000 ___RD () C:\Users\Fredin\SkyDrive
2014-04-24 01:25 - 2011-01-31 20:49 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\Mozilla
2014-04-24 01:25 - 2011-01-31 19:23 - 00000000 ____D () C:\Users\Fredin\AppData\Local\Google
2014-04-24 01:18 - 2014-04-24 01:18 - 00000000 ____D () C:\SUPERDelete
2014-04-23 18:36 - 2012-10-25 22:43 - 00000000 ____D () C:\Users\Mcx1-FREDINPOD-GAIA
2014-04-23 18:36 - 2011-07-30 22:10 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\Rainmeter
2014-04-23 18:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-04-23 14:45 - 2011-01-31 19:18 - 00000000 ____D () C:\Users\Fredin
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-14 20:13 - 2014-04-24 01:37 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-24 01:37 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-24 01:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-24 01:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 22:24 - 2014-04-29 22:53 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-13 22:19 - 2014-04-29 22:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-11 01:57 - 2014-04-07 20:54 - 00000000 ____D () C:\ESCORT
2014-04-11 01:49 - 2014-04-07 21:19 - 00000000 ____D () C:\Users\Fredin\AppData\Local\ESCORT_Inc
2014-04-11 01:49 - 2014-04-07 20:55 - 00000000 ____D () C:\Program Files\DIFX
2014-04-11 01:49 - 2014-02-14 03:57 - 00000000 ____D () C:\Users\Fredin\AppData\Local\ezvid,_inc
2014-04-11 01:49 - 2011-11-16 23:01 - 00000000 ____D () C:\Users\Fredin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-10 03:21 - 2011-02-01 01:33 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-04-10 03:20 - 2014-04-10 03:20 - 00589107 _____ () C:\ProgramData\SPL9FB7.tmp
2014-04-10 03:02 - 2013-08-07 02:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:01 - 2011-02-03 11:18 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 20:55 - 2014-04-07 20:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-04-07 20:54 - 2014-04-07 20:54 - 02152176 _____ (Microsoft Corporation) C:\Windows\system32\WUDFUpdate_01009.dll
2014-04-07 20:54 - 2014-04-07 20:54 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-04-03 09:51 - 2014-04-30 16:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-30 16:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-30 16:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 07:42 - 2014-04-03 07:42 - 00589107 _____ () C:\ProgramData\SPL6189.tmp

Some content of TEMP:
====================
C:\Users\Fredin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp55vzjb.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 01:05

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Fredin at 2014-05-02 22:10:50
Running from C:\Users\Fredin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{81D00339-968D-15D1-3499-8431658E896F}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70727.2220 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (HKLM-x32\...\{469032A5-C6F3-CE61-67B1-F8820B747401}) (Version: 2.0.4196.33893 - Advanced Micro Devices, Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.9.000 - Asmedia Technology)
ATI AVIVO64 Codecs (Version: 11.6.0.50825 - ATI Technologies Inc.) Hidden
AutoHotkey 1.1.00.00 (HKLM-x32\...\AutoHotkey) (Version: 1.1.00.00 - AutoHotkey Community)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
AVG PC Tuneup 2011 (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.26 - AVG)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.00.002.0013 - Atheros Communications)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{AC53C6A4-1CC4-48A5-91F3-565BB7978B22}) (Version:  - Microsoft)
DiskAnalyzer Pro 3.5 (HKLM-x32\...\DiskAnalyzer Pro_is1) (Version:  - Systweak Software)
DisplayFusion 5.0 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.0.0.0 - Binary Fortress Software)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Duplicate Music Files Finder 1.5.5 (HKLM-x32\...\Duplicate Music Files Finder_is1) (Version:  - LC IBros Solutions S.R.L.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Gateway Incorporated)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Gateway Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 7.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.2.0 - )
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
Lexmark Tools for Office (HKLM-x32\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )
Livestream Procaster (HKLM-x32\...\{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}) (Version: 20.2.0 - Procaster)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS Facebook (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 14.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 en-US)) (Version: 14.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{f531dd03-45ef-45e9-ab97-2a0ab4f14907}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Driver 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.78.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6658 - NVIDIA Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.1 r959 - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Redist (HKLM-x32\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.6.0 - SAMSUNG Electronics Co., Ltd.)
Search-Results Toolbar (HKLM-x32\...\searchresultstb) (Version: 1.0.0.13 - APN, LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SiSoftware Sandra Lite 2012.SP4c (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 18.52.2012.6 - SiSoftware)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpyHunter (HKLM\...\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}) (Version: 4.11.10.4138 - Enigma Software Group USA, LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
TightVNC 2.0.3 (HKLM-x32\...\TightVNC) (Version: 2.0.3 - GlavSoft LLC.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{E84E9B25-BEB6-4F2F-84BB-755CDA8E89C0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{8E076AE6-4E29-4056-A13F-70CC8F433FB5}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.002 - Youyan)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VLC Setup Helper 3.01 (HKLM-x32\...\VLC Setup Helper_is1) (Version:  - )
Waterfox (HKLM\...\{FD7DEB7B-8CEA-44E5-AB2D-7C66786C0563}) (Version:  - )
Waterfox 24.0 (x64 en-US) (HKLM\...\Waterfox 24.0 (x64 en-US)) (Version: 24.0 - Mozilla)
WBFS to ISO (HKLM-x32\...\{55F0E086-2E1C-4478-B52E-DA6025A46434}_is1) (Version:  - wbfstoiso.com)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3008 - Gateway Incorporated)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.3 - SoundSpectrum)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
XP Recovery CD Maker (HKLM-x32\...\XP Recovery CD Maker) (Version:  - )

==================== Restore Points  =========================

01-05-2014 04:46:37 Removed Skype™ 6.14
03-05-2014 02:06:21 Windows Backup

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {11647AC1-BE76-474B-BC3F-85021F44FB69} - System32\Tasks\{3D64C832-80BC-47CE-97BE-3EB03BCA568A} => D:\SETUP.EXE
Task: {14BBBB2E-A0DF-4A44-80FA-205EDCFD1E90} - System32\Tasks\Microsoft Office 15 Sync Maintenance for FREDINPOD-GAIA-Fredin FredinPOD-Gaia => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
Task: {16ABAB59-2973-4F9C-8955-E0FD9C0DC4B9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {229A558B-2076-4617-AED5-4476FC1F60ED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2936265059-4004976660-1058849456-1000Core => C:\Users\Fredin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {2C44F38F-588D-4873-965D-7A7E315A0623} - System32\Tasks\{DDCAB629-B193-4C02-BBD3-1568A150F5BE} => C:\Program Files (x86)\DreamWorks Interactive\Neverhood\wa.exe.exe [1996-09-15] (The Neverhood)
Task: {55EAC0D5-08EC-45EE-BB46-0AF8A8696AD1} - System32\Tasks\{90CCA4F0-A760-4352-B9CA-11982399691F} => D:\SETUP.EXE
Task: {58C48C4D-DDC1-4B16-91AF-34673CEABEF3} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-FREDINPOD-GAIA => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {6C7C87F4-7DFD-423B-8A45-8C560C382E8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: {A82AD084-247C-4314-A14B-124DF3018A51} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [2009-08-31] (Lexmark International Inc.)
Task: {AF5176E0-BAF0-43BD-A3DD-F0E5C9F68740} - System32\Tasks\{03EEC65F-03D3-4C8B-8A18-8DFB0F352C1B} => D:\SETUP.EXE
Task: {B895901D-55B4-4028-850B-3C0967015FA7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D49BB7EA-35BF-4D67-919F-420F054282FB} - System32\Tasks\{16AA8EE2-0329-4F94-9A29-80D24E5C8D21} => D:\SETUP.EXE
Task: {E416AC74-62B0-4552-BDF7-16BAC0785BE8} - System32\Tasks\{2563846B-5366-4D8D-9CB7-48B73971283F} => D:\SETUP.EXE
Task: {F058CC4C-3702-4E37-A374-376D240F1EBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2936265059-4004976660-1058849456-1000UA => C:\Users\Fredin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {FC010D90-EF8C-46E3-969F-6EA4050CDC83} - System32\Tasks\{3D155A74-0413-43DC-9120-186DA674406A} => C:\Program Files (x86)\DreamWorks Interactive\Neverhood\wa.exe.exe [1996-09-15] (The Neverhood)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2936265059-4004976660-1058849456-1000Core.job => C:\Users\Fredin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2936265059-4004976660-1058849456-1000UA.job => C:\Users\Fredin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2012-01-30 23:04 - 2009-04-21 02:33 - 00045568 _____ () C:\Windows\System32\LXF3PMON.DLL
2012-01-30 23:04 - 2007-08-27 01:44 - 00053248 _____ () C:\Windows\System32\LXF3OEM.DLL
2012-01-30 23:04 - 2009-04-21 02:33 - 00003584 _____ () C:\Windows\System32\LXF3PMRC.DLL
2012-01-30 22:51 - 2009-08-13 13:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-09-14 21:26 - 2013-03-25 10:57 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2011-10-07 05:39 - 2011-10-07 05:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-01-30 23:03 - 2009-08-31 06:49 - 00025256 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
2011-02-03 00:04 - 2011-02-03 00:04 - 00006144 _____ () C:\Users\Fredin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\CoreTempReader.dll
2011-02-03 00:04 - 2011-02-03 00:04 - 00008704 _____ () C:\Users\Fredin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\GetCoreTempInfoNET.dll
2011-02-03 00:04 - 2011-02-03 00:04 - 00007680 _____ () C:\Users\Fredin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\SystemInfo.dll
2011-11-18 15:52 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2011-05-01 00:07 - 2011-05-01 00:07 - 01333248 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2011-09-18 11:56 - 2011-09-18 11:56 - 00102912 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2011-09-18 11:56 - 2011-09-18 11:56 - 00869888 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2011-09-18 11:57 - 2011-09-18 11:57 - 00030720 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
2013-08-28 20:23 - 2013-08-28 20:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-08-06 12:07 - 2012-08-06 12:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2009-07-23 20:54 - 2009-07-23 20:54 - 01024512 _____ () C:\Windows\system32\lxdndrs64.dll
2009-05-14 14:47 - 2009-05-14 14:47 - 00025088 _____ () C:\Windows\system32\lxdncaps64.dll
2007-10-02 15:51 - 2007-10-02 15:51 - 00054784 _____ () C:\Windows\system32\lxdncnv464.dll
2011-01-07 20:48 - 2011-01-07 20:48 - 00259688 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming64.dll
2011-11-18 15:52 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2012-01-30 22:54 - 2007-10-12 10:24 - 00364544 _____ () C:\Program Files (x86)\Lexmark 2600 Series\iptk.dll
2012-01-30 23:03 - 2009-02-11 08:49 - 00028672 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll
2012-01-30 23:03 - 2009-02-11 08:50 - 00036864 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll
2012-01-30 23:03 - 2009-02-11 08:49 - 00061440 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
2012-01-30 23:03 - 2007-11-21 23:55 - 00011776 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2014-04-28 16:26 - 2014-04-23 20:33 - 00065352 _____ () C:\Users\Fredin\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2009-06-12 19:37 - 2009-06-12 19:37 - 00032768 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
2009-06-12 19:37 - 2009-06-12 19:37 - 00025088 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-08-28 20:25 - 2013-08-28 20:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-04-30 12:22 - 2014-04-30 12:22 - 00041984 _____ () c:\users\fredin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp55vzjb.dll
2013-10-18 19:55 - 2013-10-18 19:55 - 25100288 _____ () C:\Users\Fredin\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31871508.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40617372.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\85324970.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86582491.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31871508.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\40617372.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\85324970.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86582491.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AVG Security Toolbar Service => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: lxdn_device => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\Services: USBS3S4Detection => 2
MSCONFIG\startupreg: 222326074CC17C29240A03873AEE5E833F642FE6._service_run => "C:\Users\Fredin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Fredin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: PhotoExplosionCalCheck => C:\Program Files (x86)\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: UVS10 Preload => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2014 02:03:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/01/2014 01:47:22 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/30/2014 00:22:14 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2014 00:22:14 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2014 00:22:14 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2014 00:22:14 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/30/2014 00:22:13 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2014 00:22:13 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/30/2014 00:22:13 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2014 00:22:13 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/02/2014 02:06:37 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (05/02/2014 00:06:25 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (05/01/2014 02:27:52 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (05/01/2014 01:29:26 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/30/2014 11:49:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/30/2014 06:27:22 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/30/2014 02:41:22 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/30/2014 00:22:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (04/30/2014 00:22:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (04/30/2014 00:22:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (05/02/2014 02:03:34 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/01/2014 01:47:22 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/30/2014 00:22:14 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2014 00:22:14 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2014 00:22:14 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2014 00:22:14 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (04/30/2014 00:22:13 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (04/30/2014 00:22:13 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/30/2014 00:22:13 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (04/30/2014 00:22:13 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700


CodeIntegrity Errors:
===================================
  Date: 2012-06-24 14:04:20.689
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-24 14:04:20.646
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-24 14:00:07.001
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-24 14:00:06.949
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-24 13:59:54.680
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-24 13:59:54.639
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 8119.09 MB
Available physical RAM: 4042.04 MB
Total Pagefile: 8517.27 MB
Available Pagefile: 4817.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:94.69 GB) (Free:18.04 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:914.51 GB) (Free:567.97 GB) NTFS
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.25 GB) (Free:0 GB) UDF
Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:604.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 00269FE7)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=95 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: AB71CDF3)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Not Active) - (Size=17 GB) - (Type=27)
Partition 3: (Not Active) - (Size=915 GB) - (Type=42)

========================================================
Disk: 2 (Size: 1397 GB) (Disk ID: AB7B2F2D)
Partition 1: (Not Active) - (Size=-698723958272) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:21 AM

Posted 03 May 2014 - 04:42 AM

Hi Crank4

The report is showing signs of P2P activity.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Bearshare, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.


Step 1
Please uninstall the following program:
Search-Results Toolbar


Recommendation:
I see you have Spybot Search and Destroy installed.
We stopped recommending this some time ago due to poor test results.
In addition, you have AVG, MBAM and SAS installed... Spybot is not really needed.
Too much security is as bad as too little.


Step 2
Please download the attached fixlist file (bottom of this post) and save it to the Download folder.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.


Step 3
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

CF_download_FF.gif


CF_download_rename.gif

This is an example, you may rename ComboFix to anything you want.Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    cf1.png

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    In your next reply, please submit:
    Fixlog.txt
    Combofix.txt

    and please give me an update on how the system is behaving.


    Thanks.

Attached Files


BBPP6nz.png


#5 Crank4

Crank4
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 04 May 2014 - 02:49 PM

Ok after uninstalling bywifi it seems my problems have went away but I continued with you advice just in case. I had already uninstalled spybot search and destroy. I also uninstalled Search-Results Toolbar I must've missed this since it's been on my conmpuer for years, but then again so was bywifi. When I downloaded combofix i wasn't given an option of download location or naming it. I did rename the combofix.exe file to combobreaker.exe before running it. I also turned off my firewall before running it, then realized that you did not say to do such a thing.

 

Anyway now my computer has started some new weird behavior however it may be normal. It involves autoplay. It's asking me what i want to do with CD Drive (K:) MYCD_VOL. i don't have a CD in the drive. Also when i opened Waterfox it warned me that Waterfox was no longer my default browser. I switched it back to being the default. Also the icon for Waterfox has changed back to the default icon. (I had changed it to something else previously)

 

Thanks for your continued help!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2014
Ran by Fredin at 2014-05-04 15:21:35 Run:1
Running from C:\Users\Fredin\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\...\Winlogon: [Shell] EXPLORER.EXE [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
BHO: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF NetworkProxy: "autoconfig_url", "http://localhost:9000/proxy.pac"
FF NetworkProxy: "type", 2
CHR HKLM-x32\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Users\Fredin\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ [2012-09-19]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
2014-04-10 03:20 - 2014-04-10 03:20 - 00589107 _____ () C:\ProgramData\SPL9FB7.tmp
2014-04-03 07:42 - 2014-04-03 07:42 - 00589107 _____ () C:\ProgramData\SPL6189.tmp
2014-05-02 22:09 - 2012-03-13 02:01 - 00000000 ____D () C:\Program Files (x86)\Bywifi
C:\Users\Fredin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp55vzjb.dll
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

Folder:
C:\Windows\system32\FxsTmp
Reboot:







*****************

HKU\S-1-5-21-2936265059-4004976660-1058849456-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully.
HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\./0123456789:;<=>?@ABCDEFGHIJKLM => Key deleted successfully.
C:\Users\Fredin\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ => Moved successfully.
nvlddmkm => Service deleted successfully.
C:\ProgramData\SPL9FB7.tmp => Moved successfully.
C:\ProgramData\SPL6189.tmp => Moved successfully.
C:\Program Files (x86)\Bywifi => Moved successfully.
"C:\Users\Fredin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp55vzjb.dll" => File/Directory not found.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.

========================= Folder: ========================

Directory Not Found
C:\Windows\System32\FxsTmp => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

 

ComboFix 14-04-30.01 - Fredin 05/04/2014  15:30:01.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8119.5348 [GMT -4:00]
Running from: c:\users\Fredin\Downloads\Combobreaker.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL261.tmp
c:\programdata\SPL301D.tmp
c:\programdata\SPL60F.tmp
c:\users\Fredin\Documents\~WRL3932.tmp
G:\Autorun.inf
G:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-04 to 2014-05-04  )))))))))))))))))))))))))))))))
.
.
2014-05-03 07:00 . 2014-04-29 14:01    23547904    ----a-w-    c:\windows\system32\mshtml.dll
2014-05-03 07:00 . 2014-04-29 13:40    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-03 07:00 . 2014-04-29 12:34    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-05-03 02:09 . 2014-05-04 19:21    --------    d-----w-    C:\FRST
2014-04-30 20:44 . 2014-04-30 20:44    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-30 20:44 . 2014-04-03 13:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-30 20:44 . 2014-04-03 13:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-30 20:44 . 2014-04-03 13:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-30 16:22 . 2014-04-30 16:22    --------    d-----w-    c:\users\Fredin\AppData\Roaming\DropboxMaster
2014-04-30 07:00 . 2014-04-30 07:00    --------    d-s---w-    c:\windows\system32\CompatTel
2014-04-30 02:53 . 2014-04-14 02:24    465408    ----a-w-    c:\windows\system32\aepdu.dll
2014-04-30 02:53 . 2014-04-14 02:19    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-04-29 01:29 . 2014-04-29 01:29    --------    d-----w-    c:\users\Fredin\AppData\Roaming\AVG2014
2014-04-29 01:28 . 2014-04-29 01:29    --------    d-----w-    c:\programdata\AVG2014
2014-04-29 01:28 . 2014-04-29 01:28    --------    d-----w-    C:\$AVG
2014-04-25 23:56 . 2014-04-25 23:56    --------    d-----w-    c:\users\Fredin\AppData\Roaming\SUPERAntiSpyware.com
2014-04-25 23:55 . 2014-04-25 23:55    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2014-04-25 23:55 . 2014-05-04 18:24    --------    d-----w-    c:\programdata\MFAData
2014-04-25 23:55 . 2014-04-29 01:29    --------    d-----w-    c:\users\Fredin\AppData\Local\Avg2014
2014-04-25 23:55 . 2014-04-25 23:55    --------    d-----w-    c:\users\Fredin\AppData\Local\MFAData
2014-04-25 20:24 . 2014-04-17 09:31    10651704    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6819250-8D9C-4905-B097-9572ED739016}\mpengine.dll
2014-04-25 03:13 . 2014-04-25 03:13    --------    d-----w-    c:\program files (x86)\Trend Micro
2014-04-25 03:00 . 2014-04-25 03:00    --------    d-sh--w-    c:\users\Fredin\AppData\Local\EmieUserList
2014-04-25 03:00 . 2014-04-25 03:00    --------    d-sh--w-    c:\users\Fredin\AppData\Local\EmieSiteList
2014-04-25 02:42 . 2014-05-04 19:34    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-25 02:36 . 2014-04-25 23:52    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-04-25 02:36 . 2014-04-25 23:54    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-25 02:31 . 2014-04-25 02:31    423240    ----a-w-    c:\windows\system32\drivers\imhakecw.sys
2014-04-25 02:31 . 2014-04-25 02:31    --------    d-----w-    c:\programdata\AVAST Software
2014-04-24 05:39 . 2014-03-31 13:35    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-04-24 05:39 . 2014-04-24 05:39    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-04-24 05:39 . 2014-04-24 05:39    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-04-24 05:39 . 2014-04-24 05:39    189352    ----a-w-    c:\windows\system32\java.exe
2014-04-24 05:39 . 2014-04-24 05:39    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-24 05:39 . 2014-04-24 05:39    --------    d-----w-    c:\program files\Java
2014-04-24 05:37 . 2014-04-15 00:13    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-24 05:18 . 2014-04-24 05:18    --------    d-----w-    C:\SUPERDelete
2014-04-18 19:01 . 2014-04-18 19:01    237336    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2014-04-08 01:19 . 2014-04-11 05:49    --------    d-----w-    c:\users\Fredin\AppData\Local\ESCORT_Inc
2014-04-08 00:55 . 2014-04-11 05:49    --------    d-----w-    c:\program files\DIFX
2014-04-08 00:54 . 2014-04-11 05:57    --------    d-----w-    C:\ESCORT
2014-04-08 00:54 . 2014-04-08 00:54    2152176    ----a-w-    c:\windows\system32\WUDFUpdate_01009.dll
2014-04-08 00:54 . 2014-04-08 00:54    1002728    ----a-w-    c:\windows\system32\WinUSBCoInstaller2.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-28 20:05 . 2014-02-17 04:37    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-28 20:05 . 2014-02-17 04:37    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-10 08:05 . 2013-02-06 03:20    833232    ------w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-04-10 07:01 . 2011-02-03 15:18    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-03-31 20:20 . 2014-03-31 20:20    274200    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-03-31 20:06 . 2014-03-31 20:06    130840    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-03-28 02:14 . 2014-03-28 02:14    192792    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2014-03-28 02:14 . 2014-03-28 02:14    153368    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2014-03-28 02:07 . 2014-03-28 02:07    236824    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-03-28 02:05 . 2014-03-28 02:05    324376    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2014-03-28 02:03 . 2014-03-28 02:03    32536    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2014-03-04 09:17 . 2014-04-09 12:07    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-12 03:53    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 03:53    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 03:53    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 03:53    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 03:53    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Fredin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Fredin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Fredin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Fredin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-08-26 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"lxdnmon.exe"="c:\program files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe" [2009-08-31 660136]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 2600 Series\ezprint.exe" [2009-08-31 107176]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-08-21 450560]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-07 5180432]
.
c:\users\Fredin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Fredin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
sidebar.lnk - c:\program files (x86)\Windows Sidebar\sidebar.exe [2011-5-11 1174016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoHotkey.lnk - c:\program files\AutoHotkey\AutoHotkey.exe [2011-5-1 1333248]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdnserv.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys;c:\windows\SYSNATIVE\Drivers\StkCMini.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
R4 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-25 20:05]
.
2014-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2936265059-4004976660-1058849456-1000Core.job
- c:\users\Fredin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 03:01]
.
2014-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2936265059-4004976660-1058849456-1000UA.job
- c:\users\Fredin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 03:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Fredin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Fredin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Fredin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Fredin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [2009-08-31 660136]
"EzPrint"="c:\program files (x86)\Lexmark 2600 Series\ezprint.exe" [2009-08-31 107176]
"lxdnamon"="c:\program files (x86)\Lexmark 2600 Series\lxdnamon.exe" [2009-08-31 16040]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-04-01 558168]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-04-01 349272]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\users\Fredin\Downloads\Visual 7\AveFolderBGW764Bit\VistaFolderBackground.dll" [2010-05-25 214016]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-BackupSoft - \RunRedem.exe
SafeBoot-31871508.sys
SafeBoot-40617372.sys
SafeBoot-85324970.sys
SafeBoot-86582491.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2936265059-4004976660-1058849456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2936265059-4004976660-1058849456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\users\Fredin\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2014-05-04  15:36:28 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-04 19:36
.
Pre-Run: 18,428,342,272 bytes free
Post-Run: 18,223,357,952 bytes free
.
- - End Of File - - 5876706EE67550D84734DF2AD9434E1D
A36C5E4F47E84449FF07ED3517B43A31
 



#6 Crank4

Crank4
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 04 May 2014 - 02:54 PM

Ah it some how messed up my Autohotkey commands! I use these frequently and would like them back, is there an easy way of getting them back?! Thanks.



#7 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:21 AM

Posted 04 May 2014 - 04:41 PM

Hi Crank4,
 

When I downloaded combofix i wasn't given an option of download location or naming it.

The instructions are basically for IE, not all browsers give the same options.
The reason for the renaming, is just to avoid any malware on the system that may look for Combofix and try to stop it from running.
 

I also turned off my firewall before running it, then realized that you did not say to do such a thing.

That's fine, everything ran ok.
 

Anyway now my computer has started some new weird behavior however it may be normal. It involves autoplay.
Also when i opened Waterfox it warned me that Waterfox was no longer my default browser.
Also the icon for Waterfox has changed back to the default icon. (I had changed it to something else previously)

Combofix will disable autoplay as this is a favourite utility for malware to use.
It will also have reset your browser back to the default of IE.
Just reset things back to your own choice now.

If you want Autorun back to how it was, you can use these instructions....... although it is always best to have this disabled.

For getting the autoplay function back, please do the following -

Copy the text below into a Notepad (Go to Start > Run, type Notepad and hit Enter) document:
 

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000149
"NoDriveTypeAutoRun"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000149
"NoDriveTypeAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001

Note: Make sure there is no blank line before REGEDIT4 and one blank line at the end.

Go to File >> Save As:. Save the file as "Fix.reg" (Including the quotes) and save it to your desktop.

From your desktop...double-click on Fix.reg. When asked if you want to merge the file with the registry, click Yes.

Restart your computer.

As for the HotKeys, i haven't heard of these being disabled before.... but i will look into it and get back to you.

 

Edit:

Just a thought.... what type of keyboard are you using?

When you say 'Autohotkey commands' do you mean personally set keys ( as i have set on my M$ keyboard? )


Edited by Starbuck, 04 May 2014 - 05:05 PM.

BBPP6nz.png


#8 Crank4

Crank4
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 04 May 2014 - 05:22 PM

Autohotkey.ahk is a program I downloaded a while ago. I use my computer as a Home Theater PC as well. It's dual screen but the main screen is cloned to my TV. I would be constantly changing the speaker output from the 2.1 on the PC and the the 5.1 on the TV (I could just fpress F7 for PC speakers and F12 for surround sound). The keyboard is a logitech wave keyboard. I have done a system restore after the combofix since the AHK was no longer running and I could not remember the script i wrote for it, except that it took me a week to get it working right since I'm not savvy at writing that stuff at all. I got everything working the way I wanted and no longer have the annoying browser hijacking.

 

I essentially undid the combofix with the system restore. If you think I should I could now access the script i worte and redo it, but as far as I can tell everything seems to be running fine.



#9 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:21 AM

Posted 04 May 2014 - 06:09 PM

Thanks Crank4,

that makes more sense now.
Unfortunately CF has no way of telling if the alterations were done by yourself or malware... that's why everything was reset back to the default.
The problem with using system restore after running our tools, is that you may have inadvertently added some bad things back.


Step 1
As you have MalwareBytes on your system, we can use that to run a double check.
Run MBAM
  • If you are notified the Database is out of date click Update Now

    mbamnew_zpsdc989cc1.png
  • Click Scan Now >>
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
.

(Copy to clipboard for pasting into forum replies)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab >> Application Logs.

    mbamapplog_zps222887ef.png
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

    mbamhis_zps7bfe6503.png
  • Paste the contents of the clipboard into your reply.
.

Step 2
I'm also a little concerned about this in the error logs:


Error: (04/30/2014 06:27:22 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

It would be worthwhile running a check on the hard drive.
  • Click Start >> Computer
  • Right click on your main drive (usually 'C')
  • Select Properties
  • Click on the Tools tab
  • Under Error Checking.. Click Check Now
  • Tick the options that you require ( Please tick both options )
  • Click Start
  • On the screen that comes up.. Click Yes then OK
  • Now restart your computer.
Note: Be patient. Analyzing the drive can be a lengthy process

Please post the MBAM report in your next reply.

Thanks

Edited by Starbuck, 04 May 2014 - 06:11 PM.

BBPP6nz.png


#10 Crank4

Crank4
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 04 May 2014 - 08:31 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/4/2014
Scan Time: 9:13:59 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.04.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Fredin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340464
Time Elapsed: 6 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#11 Crank4

Crank4
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 04 May 2014 - 08:38 PM

I checked both automatically fix file system errors and scan for and attempt recovery of bad sectors. When I restarted the computer it just stated that it was an NTFS volume and that there were no problems essentially. The process took no time at all though. Maybe because my main\C drive is a smaller SSD?



#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:21 AM

Posted 05 May 2014 - 02:56 AM

Hi Crank4

So all of your original problems are now gone?
Is the system running ok?

When you are happy we can finish off the cleaning process.

BBPP6nz.png


#13 Crank4

Crank4
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 05 May 2014 - 09:19 PM

Yea, all original problems are gone. Sysytem seems to be running just fine! Thanks Starbuck!



#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:21 AM

Posted 06 May 2014 - 04:23 AM

Hi Crank4

Let's finish the cleaning process and remove the tools we have used.
We'll also set you a fresh restore point.

Step 1
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 8 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 5".
  • Click the "Download JRE " button.
  • Accept the license agreement.
  • select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on downloaded icon to install the newest version.
Step 2
Download Delfix and save it to your desktop.
  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
  • Create registry backup
  • Purge system restore

    delf_zpsb39a5ff3.png
    .
  • Click the Run button.
When the tool has finished, a log will open in notepad.... but i don't actually need this report


Step 3
Restart MBAM.
Click on the History tab >> Quarantine
Tick to select any items and then click the Delete button.
Close MBAM.


To find out how you may have been infected....read this topic:
How did i get infected?


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program

Update your AntiVirus Software regularly

Use a Firewall

Only install one software Firewall

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Malwarebytes Anti-Malware
SUPERAntiSypware
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Use an alternative browser to Internet Explorer:
Some excellent alternatives to MS Internet Explorer are:

Firefox
For added security, add the NoScript extension to this browser:
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
also consider adding:
WOT - Safe Browsing Tool

Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
Btw: you don't have to make a contribution.

Opera

They offer better security, more stability, and better speed.

Keep a backup of your registry
Keeping a regular backup of your registry will help when something goes wrong.
Use a program like:
Erunt

A full tutorial on how to set up and use Erunt can be found here:
Erunt tutorial

Keep your system clean of temp files etc, using a 'Cleaner':

Cleaners are programs that will help to clean out your:
Windows temp files
Current user temp files
Cookies
Temporary Internet flies
Browser history
Recycle bin
Etc.......
In other words.... all the rubbish that you accumalate over the course of your browsing and day to day usage of your pc.
Programs like:
TFC by OldTimer
ATF Cleaner

Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windowsupdate regularly.
Alternatively, turn on the Automatic Updates.

Peer to Peer programs
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing. Computer_addict__by_Sinister_Starfeesh.g

BBPP6nz.png


#15 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:21 AM

Posted 15 May 2014 - 12:30 PM

As this topic has been resolved this thread will now be closed.

If you need this topic reopened, please contact one of the moderating team by PM and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.

Everyone else please begin a New Topic.

BBPP6nz.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users