Ran Combofix without proper research


9 replies to this topic

#1 embarrassed


Posted 02 May 2014 - 03:23 AM

I was an ENORMOUS idiot and rashly decided to download and run Combofix before knowing what I was getting myself into. I read a random post on Reddit about how great the program was for removing malware, and without much thought I ran the program. While it was working, I decided to do some research using my phone (since it temporarily disables internet), and soon realized I made a terrible mistake. But, my instincts told me it would be a horrible idea to close the program while it was already mid-operation, so I sat there in suspense, hoping my computer wouldn't explode and eradicate the entire human race. Anyway, I haven't noticed any immediate problems with my computer since running the program, although I have noticed a slight increase in speed.

 

Here are the logs. I have no idea how to interpret them, so if it deleted something that may cause problems, please let me know how I can fix it:

ComboFix 14-04-30.01 - Main 05/02/2014   3:07.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.5396 [GMT -4:00]
Running from: c:\users\Main\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-02 to 2014-05-02  )))))))))))))))))))))))))))))))
.
.
2014-05-02 07:22 . 2014-05-02 07:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-01 00:29 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C1B97E3-20FF-4A9B-BCE5-8558F9B186DE}\mpengine.dll
2014-04-29 20:46 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-24 12:02 . 2014-04-24 12:06 -------- d-----w- c:\users\Main\AppData\Roaming\livestreamer
2014-04-21 23:53 . 2014-04-15 00:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-19 20:13 . 2014-02-20 12:21 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{553AB2FD-8F87-4162-8AE1-A27B746103AE}\gapaengine.dll
2014-04-12 06:15 . 2014-04-12 06:15 -------- d-----w- c:\users\Main\AppData\Local\Arktos Entertainment
2014-04-12 06:11 . 2014-04-12 07:28 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-12 06:11 . 2014-04-12 06:11 -------- d-----w- c:\users\Main\AppData\Local\PunkBuster
2014-04-12 06:11 . 2014-04-12 06:11 -------- d-----w- c:\users\Main\AppData\Local\Arktos
2014-04-12 06:10 . 2014-04-12 07:28 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-04-12 06:10 . 2014-04-12 06:11 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-12 06:10 . 2014-04-12 06:10 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-08 21:30 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-08 21:30 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-08 21:30 . 2014-02-04 02:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-08 21:30 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-08 21:30 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2014-04-08 21:29 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-04-08 21:29 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-04-08 21:29 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-04-08 21:29 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-04-08 21:29 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-04-08 21:29 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-04-08 21:29 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-04-08 21:29 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-04-08 21:29 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-04-08 21:29 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-04-08 21:29 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-07 19:34 . 2014-04-07 19:34 -------- d-----w- c:\programdata\Razer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-01 03:01 . 2012-04-06 14:44 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-01 03:01 . 2011-05-16 14:21 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-09 06:12 . 2010-07-14 19:48 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-25 20:03 . 2014-03-25 20:01 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-03-11 13:52 . 2012-08-31 02:03 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17 . 2014-04-08 21:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-20 12:21 . 2012-10-20 14:00 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-07 01:23 . 2014-03-13 20:20 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 20:19 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 20:19 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 20:19 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 20:19 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Main\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"uTorrent"="c:\users\Main\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-23 1266520]
"puush"="c:\puush\puush.exe" [2014-02-05 567880]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys;c:\windows\SYSNATIVE\drivers\danew.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\users\Main\GameGuard\dump_wmimmc.sys;c:\users\Main\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 Gun;Gun;c:\windows\system32\Gun64.sys;c:\windows\SYSNATIVE\Gun64.sys [x]
R3 GunBod;GunBod;c:\gunbound\SoftnyxGame\GunBoundIS\avital\gunbod64.sys;c:\gunbound\SoftnyxGame\GunBoundIS\avital\gunbod64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS;c:\windows\SYSNATIVE\JRSKD24.SYS [x]
R3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.SYS;c:\windows\SYSNATIVE\JRSUKD24.SYS [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\junk\Game Booster 3\Driver\WinRing0x64.sys;c:\junk\Game Booster 3\Driver\WinRing0x64.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys;c:\windows\SYSNATIVE\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys;c:\windows\SYSNATIVE\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys;c:\windows\SYSNATIVE\Drivers\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe;c:\program files (x86)\AVG\AVG9\avgemc.exe [x]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 18:11 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 03:01]
.
2014-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 05:15]
.
2014-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 05:15]
.
2014-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2784165769-1259122930-484551453-1000Core.job
- c:\users\Main\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-01 03:12]
.
2014-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2784165769-1259122930-484551453-1000UA.job
- c:\users\Main\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-01 03:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-02-27 8294680]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 64.140.114.21 64.140.114.22 64.140.114.23
FF - ProfilePath - c:\users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/?cmd=home
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_USERS\S-1-5-21-2784165769-1259122930-484551453-1000\Software\SecuROM\License information*]
"datasecu"=hex:7b,e5,70,d8,bc,9e,41,48,d8,92,79,9f,82,cd,65,94,08,e6,e6,93,2c,
   e0,b9,f4,76,92,22,47,cd,26,93,b3,0c,28,70,f0,0f,79,e8,18,17,68,89,87,0c,e2,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-02  03:40:39
ComboFix-quarantined-files.txt  2014-05-02 07:40
.
Pre-Run: 46,944,358,400 bytes free
Post-Run: 51,615,277,056 bytes free
.
- - End Of File - - CCDE6ED99839DCF452E4F1532F46D43D
A36C5E4F47E84449FF07ED3517B43A31

Edited by hamluis, 02 May 2014 - 07:07 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 embarrassed


Posted 02 May 2014 - 04:01 AM

I didn't really have any major malware problems, but I ran ComboFix out of curiosity like an idiot. I haven't noticed any issues with my computer yet, but here are my DDS logs:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Main at 4:58:47 on 2014-05-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.4506 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\puush\puush.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\Main\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [uTorrent] "C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [puush] C:\puush\puush.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 64.140.114.21 64.140.114.22 64.140.114.23
TCP: Interfaces\{EFEB77CB-1763-48E3-9BF4-0B736738A511} : DHCPNameServer = 198.18.0.1 198.18.0.2
TCP: Interfaces\{FC101E1B-B6F6-4513-B2B2-EE5D489DCCB5} : DHCPNameServer = 64.140.114.21 64.140.114.22 64.140.114.23
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/?cmd=home
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-9-10 282976]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-10 35664]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-9-10 317520]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-20 59648]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-9-10 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-9-10 308136]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-9-13 308656]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [2013-11-22 1922600]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-25 4153184]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\drivers\LGSUsbFilt.sys [2013-5-30 41752]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-10-13 39080]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2013-10-16 143016]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-7-14 1290752]
R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-12-2 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2011-12-2 12032]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2013-5-20 21656]
S3 Gun;Gun;C:\Windows\System32\Gun64.sys [2011-3-28 30840]
S3 GunBod;GunBod;C:\gunbound\SoftnyxGame\GunboundIS\avital\gunbod64.sys [2013-5-6 82320]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-29 111616]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2013-10-13 33448]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2013-10-13 30888]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-14 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Junk\Game Booster 3\Driver\WinRing0x64.sys [2012-6-11 14544]
.
=============== Created Last 30 ================
.
2014-05-02 07:42:07 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-02 07:04:35 98816 ----a-w- C:\Windows\sed.exe
2014-05-02 07:04:35 256000 ----a-w- C:\Windows\PEV.exe
2014-05-02 07:04:35 208896 ----a-w- C:\Windows\MBR.exe
2014-05-01 00:29:49 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C1B97E3-20FF-4A9B-BCE5-8558F9B186DE}\mpengine.dll
2014-04-29 20:46:21 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-24 12:02:22 -------- d-----w- C:\Users\Main\AppData\Roaming\livestreamer
2014-04-21 23:53:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-19 20:13:42 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{553AB2FD-8F87-4162-8AE1-A27B746103AE}\gapaengine.dll
2014-04-12 06:15:05 -------- d-----w- C:\Users\Main\AppData\Local\Arktos Entertainment
2014-04-12 06:11:37 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-04-12 06:11:32 -------- d-----w- C:\Users\Main\AppData\Local\PunkBuster
2014-04-12 06:11:26 -------- d-----w- C:\Users\Main\AppData\Local\Arktos
2014-04-12 06:10:54 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-04-12 06:10:54 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-04-12 06:10:52 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-04-08 21:30:03 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-04-08 21:30:03 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-04-08 21:30:03 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-04-08 21:30:03 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-04-08 21:30:03 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-04-08 21:29:56 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-04-08 21:29:56 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-04-08 21:29:56 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-04-08 21:29:56 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-04-08 21:29:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-04-08 21:29:56 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-04-08 21:29:55 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-04-08 21:29:55 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-04-08 21:29:55 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-04-08 21:29:53 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2014-05-01 03:01:48 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 03:01:48 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-25 20:03:31 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH:  4:59:02.36 ===============

#3 HelpBot
Bleepin' Binary Bot (Bots)

Posted 07 May 2014 - 03:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533035 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 embarrassed (Topic Starter, Members)

Posted 07 May 2014 - 01:26 PM

I ran ComboFix rashly before I did enough research. I wasn't having any major malware problems that I'm aware of, but I'm worried about any damage to my computer from running the program. And no, I don't have my original Windows CD, although if worst comes to worst I can purchase a new one.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Main at 14:17:10 on 2014-05-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.4669 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Users\Main\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe
C:\puush\puush.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Raidcall\raidcall.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\Main\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\Main\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [uTorrent] "C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [puush] C:\puush\puush.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 64.140.114.21 64.140.114.22 64.140.114.23
TCP: Interfaces\{EFEB77CB-1763-48E3-9BF4-0B736738A511} : DHCPNameServer = 198.18.0.1 198.18.0.2
TCP: Interfaces\{FC101E1B-B6F6-4513-B2B2-EE5D489DCCB5} : DHCPNameServer = 64.140.114.21 64.140.114.22 64.140.114.23
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/?cmd=home
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-9-10 282976]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-10 35664]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-9-10 317520]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-20 59648]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-9-10 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-9-10 308136]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-9-13 308656]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [2013-11-22 1922600]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-25 4153184]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\drivers\LGSUsbFilt.sys [2013-5-30 41752]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-10-13 39080]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2013-10-16 143016]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-7-14 1290752]
R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-12-2 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2011-12-2 12032]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2013-5-20 21656]
S3 Gun;Gun;C:\Windows\System32\Gun64.sys [2011-3-28 30840]
S3 GunBod;GunBod;C:\gunbound\SoftnyxGame\GunboundIS\avital\gunbod64.sys [2013-5-6 82320]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-29 111616]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2013-10-13 33448]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2013-10-13 30888]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-14 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Junk\Game Booster 3\Driver\WinRing0x64.sys [2012-6-11 14544]
.
=============== Created Last 30 ================
.
2014-05-07 07:46:09 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-06 19:09:21 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAF64D05-675E-49FC-9AC9-C726885940D2}\gapaengine.dll
2014-05-06 19:08:39 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3DE360B-0E3B-44AB-80D1-0CC742641B92}\mpengine.dll
2014-05-06 19:06:05 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-06 19:06:05 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-04 23:36:01 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-03 04:26:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-03 04:26:20 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-02 07:42:07 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-02 07:04:35 98816 ----a-w- C:\Windows\sed.exe
2014-05-02 07:04:35 256000 ----a-w- C:\Windows\PEV.exe
2014-05-02 07:04:35 208896 ----a-w- C:\Windows\MBR.exe
2014-04-24 12:02:22 -------- d-----w- C:\Users\Main\AppData\Roaming\livestreamer
2014-04-21 23:53:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 06:15:05 -------- d-----w- C:\Users\Main\AppData\Local\Arktos Entertainment
2014-04-12 06:11:37 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-04-12 06:11:32 -------- d-----w- C:\Users\Main\AppData\Local\PunkBuster
2014-04-12 06:11:26 -------- d-----w- C:\Users\Main\AppData\Local\Arktos
2014-04-12 06:10:54 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-04-12 06:10:54 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-04-12 06:10:52 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-04-08 21:30:03 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-04-08 21:30:03 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-04-08 21:30:03 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-04-08 21:30:03 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-04-08 21:30:03 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-04-08 21:29:56 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-04-08 21:29:56 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-04-08 21:29:56 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-04-08 21:29:56 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-04-08 21:29:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-04-08 21:29:56 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-04-08 21:29:55 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-04-08 21:29:55 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-04-08 21:29:55 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-04-08 21:29:53 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2014-05-01 03:01:48 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 03:01:48 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-25 20:03:31 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 14:21:38.19 ===============


#5 nasdaq

  • Malware Response Team
  • 38,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 May 2014 - 08:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your DDS log is clean of malware.
If you wish to check further run these tools and post the logs for my review.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

p.s.
Uninstall ComboFix
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

#6 embarrassed
  • Topic Starter

  • Members
  • 9 posts

Posted 08 May 2014 - 08:52 PM


# AdwCleaner v3.207 - Report created 08/05/2014 at 21:10:37
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Main - DEMON
# Running from : C:\Users\Main\Downloads\adwcleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Main\AppData\Local\GamePlayLabs Plugin
Folder Deleted : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\Conduit
Folder Deleted : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\ConduitCommon
Folder Deleted : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\Smartbar
Folder Deleted : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\CT2260173
Folder Deleted : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
File Deleted : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\searchplugins\conduit-search.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\PIP
Key Deleted : [x64] HKLM\SOFTWARE\systweak
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v23.0 (en-US)
 
[ File : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\prefs.js ]
 
Line Deleted : user_pref("CT2260173..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2260173..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2260173..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2260173.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2260173.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
Line Deleted : user_pref("CT2260173.AppTrackingLastCheckTime", "Tue Aug 21 2012 15:16:47 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.CTID", "CT2260173");
Line Deleted : user_pref("CT2260173.CommunitiesChangesLastCheckTime", "0");
Line Deleted : user_pref("CT2260173.CurrentServerDate", "28-1-2014");
Line Deleted : user_pref("CT2260173.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2260173.DialogsGetterLastCheckTime", "Mon Jan 27 2014 16:22:12 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"8/8/2010 2:38:43 AM\",\"SourceId\":0,\"ReferralUrl\":\"hxxp://sw[...]
Line Deleted : user_pref("CT2260173.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.FeedLastCount128940659599556287", 0);
Line Deleted : user_pref("CT2260173.FeedLastCount128962387092725141", 50);
Line Deleted : user_pref("CT2260173.FeedPollDate128940659196275477", "Wed Mar 23 2011 18:37:08 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.FeedPollDate128940659574712536", "Wed Mar 23 2011 16:48:14 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.FeedPollDate128962387092725141", "Wed Mar 09 2011 21:12:55 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.FeedTTL128940659574712536", 40);
Line Deleted : user_pref("CT2260173.FirstServerDate", "8-8-2010");
Line Deleted : user_pref("CT2260173.FirstTime", true);
Line Deleted : user_pref("CT2260173.FirstTimeFF3", true);
Line Deleted : user_pref("CT2260173.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2260173.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2260173.GroupingInvalidateCache", false);
Line Deleted : user_pref("CT2260173.GroupingLastCheckTime", "0");
Line Deleted : user_pref("CT2260173.GroupingLastServerUpdateTime", "0");
Line Deleted : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2260173.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2260173.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2260173.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2260173.Initialize", true);
Line Deleted : user_pref("CT2260173.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2260173.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2260173.InstalledDate", "Sat Aug 07 2010 19:58:44 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.InvalidateCache", false);
Line Deleted : user_pref("CT2260173.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2260173.IsGrouping", false);
Line Deleted : user_pref("CT2260173.IsMulticommunity", false);
Line Deleted : user_pref("CT2260173.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2260173.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2260173.LanguagePackLastCheckTime", "Mon Jan 27 2014 16:22:12 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2260173.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2260173.LastLogin_2.7.2.0", "Fri Jan 21 2011 20:37:18 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.10.0.1", "Tue Apr 17 2012 23:33:34 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.12.0.7", "Wed Apr 25 2012 17:20:14 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.12.2.3", "Wed May 30 2012 16:36:54 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.13.0.6", "Wed Jul 18 2012 23:06:59 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.14.1.0", "Tue Aug 21 2012 15:15:54 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.15.1.0", "Thu Jan 17 2013 00:01:52 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.16.0.3", "Wed Apr 24 2013 22:50:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.18.0.7", "Tue Aug 06 2013 23:18:59 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.19.0.3", "Mon Jan 27 2014 16:22:12 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.2.5.2", "Wed Mar 23 2011 16:48:14 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.3.3.2", "Thu May 12 2011 20:12:36 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.3.5.1", "Fri Jun 24 2011 11:36:15 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.5.0.12", "Mon Aug 15 2011 15:32:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.6.0.10", "Tue Sep 27 2011 19:40:42 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.7.0.6", "Mon Nov 07 2011 15:51:14 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.8.0.8", "Mon Dec 05 2011 20:13:27 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.8.1.0", "Mon Jan 09 2012 18:04:31 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.LastLogin_3.9.0.3", "Tue Mar 06 2012 19:57:40 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT2260173.Locale", "en");
Line Deleted : user_pref("CT2260173.LoginCache", 4);
Line Deleted : user_pref("CT2260173.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2260173.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT2260173.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2260173.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2260173.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2260173.RadioLastCheckTime", "0");
Line Deleted : user_pref("CT2260173.RadioLastUpdateIPServer", "0");
Line Deleted : user_pref("CT2260173.RadioLastUpdateServer", "0");
Line Deleted : user_pref("CT2260173.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2260173.SearchBoxWidth", 931);
Line Deleted : user_pref("CT2260173.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2260173&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2260173.SearchEngineBeforeUnload", "Swagbucks.com");
Line Deleted : user_pref("CT2260173.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2260173.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=");
Line Deleted : user_pref("CT2260173.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2260173.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2260173.SearchInNewTabLastCheckTime", "Mon Jan 27 2014 16:22:12 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2260173.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2260173.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT2260173.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2260173.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2260173.ServiceMapLastCheckTime", "Mon Jan 27 2014 16:22:13 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2260173.SettingsLastCheckTime", "Mon Jan 27 2014 16:22:11 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.SettingsLastUpdate", "1390753412");
Line Deleted : user_pref("CT2260173.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2260173.ThirdPartyComponentsLastCheck", "Mon Jan 27 2014 16:22:11 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT2260173.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,trovi.com,seccint.com,OurToolbar.com,CommunityToolbar[...]
Line Deleted : user_pref("CT2260173.UserID", "UN01689902209584448");
Line Deleted : user_pref("CT2260173.ValidationData_Search", 2);
Line Deleted : user_pref("CT2260173.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2260173.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2260173.alertChannelId", "657446");
Line Deleted : user_pref("CT2260173.clientLogIsEnabled", false);
Line Deleted : user_pref("CT2260173.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2260173.components.1000034", false);
Line Deleted : user_pref("CT2260173.components.1000082", false);
Line Deleted : user_pref("CT2260173.components.1000234", false);
Line Deleted : user_pref("CT2260173.components.128940646976625674", false);
Line Deleted : user_pref("CT2260173.components.128940651219556906", false);
Line Deleted : user_pref("CT2260173.components.128940658144557031", false);
Line Deleted : user_pref("CT2260173.components.128940659599556287", false);
Line Deleted : user_pref("CT2260173.components.128940706283150316", false);
Line Deleted : user_pref("CT2260173.components.128940706522681543", false);
Line Deleted : user_pref("CT2260173.components.128941655304875645", false);
Line Deleted : user_pref("CT2260173.components.128941656432219667", false);
Line Deleted : user_pref("CT2260173.components.128958271477056519", false);
Line Deleted : user_pref("CT2260173.components.128962387831475966", false);
Line Deleted : user_pref("CT2260173.components.128993342870288317", false);
Line Deleted : user_pref("CT2260173.components.128993342947475250", false);
Line Deleted : user_pref("CT2260173.components.129137782531242622", false);
Line Deleted : user_pref("CT2260173.components.129441809115231739", false);
Line Deleted : user_pref("CT2260173.countryCode", "CA");
Line Deleted : user_pref("CT2260173.embeddedsData", "[{\"appId\":\"128848965243869715\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2260173.firstTimeDialogOpened", true);
Line Deleted : user_pref("CT2260173.fixPageNotFoundErrorByUser", "FALSE");
Line Deleted : user_pref("CT2260173.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2260173.fullUserID", "UN01689902209584448.UP.20140208183626");
Line Deleted : user_pref("CT2260173.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com;social.tbccint.com;apps.tbccint.com;services.a[...]
Line Deleted : user_pref("CT2260173.globalFirstTimeInfoLastCheckTime", "Mon Jan 27 2014 16:22:12 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2260173.initDone", true);
Line Deleted : user_pref("CT2260173.installType", "DirectDownload");
Line Deleted : user_pref("CT2260173.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT2260173.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2260173.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT2260173.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2260173.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2260173.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2260173&octid=CT2260173&SearchSource=15&CUI=UN01689902209584448&SSPV=&Lay=1&UM=\"}");
Line Deleted : user_pref("CT2260173.lastVersion", "10.20.101.5");
Line Deleted : user_pref("CT2260173.myStuffEnabled", true);
Line Deleted : user_pref("CT2260173.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2260173.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2260173.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2260173.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2260173.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.op.gg%2Fsummoner%2FuserName%3DCreative%2BSeIf\",\"EB_MAIN_FRAME_TITLE\":\"Creative%20SeI[...]
Line Deleted : user_pref("CT2260173.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.oldAppsList", "128848965243869714,128848965243869715,111,128958821111237507,128940706283150316,129441809115231739,128940706522681543,128940651219556906,128941656432219667,12894165[...]
Line Deleted : user_pref("CT2260173.originalSearchAddressUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT2260173.revertSettingsEnabled", false);
Line Deleted : user_pref("CT2260173.search.searchAppId", "128848965243869715");
Line Deleted : user_pref("CT2260173.search.searchCount", 2);
Line Deleted : user_pref("CT2260173.searchFromAddressBarEnabledByUser", "false");
Line Deleted : user_pref("CT2260173.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT2260173.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2260173.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2260173.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2260173.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT2260173.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2260173\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SwagBucks.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Swag Bucks \"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_services_Configuration_lastUpdate", "1397099999851");
Line Deleted : user_pref("CT2260173.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1397099999275");
Line Deleted : user_pref("CT2260173.serviceLayer_services_appsMetadata_lastUpdate", "1397099999067");
Line Deleted : user_pref("CT2260173.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1397099998775");
Line Deleted : user_pref("CT2260173.serviceLayer_services_login_10.20.101.5_lastUpdate", "1397099999078");
Line Deleted : user_pref("CT2260173.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1397099998818");
Line Deleted : user_pref("CT2260173.serviceLayer_services_searchAPI_lastUpdate", "1397099999650");
Line Deleted : user_pref("CT2260173.serviceLayer_services_serviceMap_lastUpdate", "1397099998956");
Line Deleted : user_pref("CT2260173.serviceLayer_services_toolbarContextMenu_lastUpdate", "1397099998892");
Line Deleted : user_pref("CT2260173.serviceLayer_services_toolbarSettings_lastUpdate", "1397099998934");
Line Deleted : user_pref("CT2260173.serviceLayer_services_translation_lastUpdate", "1397099998725");
Line Deleted : user_pref("CT2260173.settingsINI", true);
Line Deleted : user_pref("CT2260173.showToolbarPermission", "false");
Line Deleted : user_pref("CT2260173.smartbar.CTID", "CT2260173");
Line Deleted : user_pref("CT2260173.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2260173.smartbar.toolbarName", "Swag Bucks ");
Line Deleted : user_pref("CT2260173.testingCtid", "");
Line Deleted : user_pref("CT2260173.toolbarAppMetaDataLastCheckTime", "Mon Jan 27 2014 16:22:12 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.toolbarBornServerTime", "8-8-2010");
Line Deleted : user_pref("CT2260173.toolbarContextMenuLastCheckTime", "Mon Jan 27 2014 16:22:12 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.toolbarCurrentServerTime", "10-4-2014");
Line Deleted : user_pref("CT2260173.toolbarLoginClientTime", "Sat Feb 08 2014 18:36:32 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.undefined", "Wed Jan 26 2011 15:37:55 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2260173.usagesFlag", 2);
Line Deleted : user_pref("CT2260173_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1397099994755,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2260173/CT2260173", "\"d08b2abde46e8ca1411b045ad42d637b3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/657446/653307/CA", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/CA", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2260173", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "uG7mdamLoNmpmgC2c0JctQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT2260173", "eSzELtoCN6VQCYiv1tPI+g==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "jf4tQQjNr2TQ31uHimzTMg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT2260173", "HYogGBUvv90IWu2NxeLYvA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT2260173", "aXc5Vsxqu/hbyzW/5Q4N6w==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT2260173", "9tP0a9tLQ7LYpUSrjHx9xA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"f4cb1557a8bece1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.5.1", "\"807dc126dd28cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:1308\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:144a\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"04afd94b864cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"23c5489aa686ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"f414eeaa6bece1:1718\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"8028f138140cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"0ee90707f77cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:1254\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:1254\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2260173", "\"7097fd37277b6a1b754b125bd11d0197\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634303635100000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634335443890000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634339976460000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2260173&octid=CT2260173", "\"1322481066\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2260173/CT2260173", "\"1311981030\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"55b2aa16aa5e2d8f52f0574a3c6b1ab5\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "swag_bucks");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Main\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ql2vrjfy.default\\conduitCommon\\modules\\3.19.0.3");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.19.0.3");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2260173");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "swag_bucks");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2260173");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2260173");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Mar 23 2011 18:37:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 23 2011 15:30:32 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 13:22:23 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{8fb65de2-6a43-4ad3-b31d-0dc5a4d5aa1a}");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Mar 23 2011 16:48:14 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "a3b218e0-2e0b-4ce3-9173-a7408d2be133");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.killedEngine", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jan 27 2014 16:22:14 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jan 27 2014 16:22:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jan 27 2014 16:22:13 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "3af30e7e-f012-4bb8-8376-d4a8e3b2de0b");
Line Deleted : user_pref("CommunityToolbar.undefined", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2,{3f963a5b-e555-4543-90e[...]
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.fr", "1300925368");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_/", "1300925371");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_dealsplugin.com/", "1300925371");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_facebook.com", "1300925371");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_hxxp", "1300925371");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_iqquizgame.com/", "1300925371");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_play-ga.me/", "1300925371");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_revealmycrush.com/", "1300925371");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1300925371");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_unlock-this.com/plugin", "1300925371");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=");
Line Deleted : user_pref("smartbar.machineId", "NTIIS6UNLNCZRDABM5DLLOON+PYGUJSOFJ2O9Q8FM6DLKZWF8ADEDLIND7NMV5AEJZHK9HMFJZQEWCUVV2CXDG");
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC7361ECE-7DD2-4802-A13D-9F1968D07CB2&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?count=16&searchByTerm=true&viewMode=grid&q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.animeultima.tv/search.html?searchquery={searchTerms}
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC7361ECE-7DD2-4802-A13D-9F1968D07CB2
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [33936 octets] - [08/05/2014 20:58:39]
AdwCleaner[S0].txt - [34996 octets] - [08/05/2014 21:10:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [35057 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2014 02
Ran by Main (administrator) on DEMON on 08-05-2014 21:45:11
Running from C:\Users\Main\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgemc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Flux Software LLC) C:\Users\Main\AppData\Local\FluxSoftware\Flux\flux.exe
(BitTorrent Inc.) C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe
() C:\puush\puush.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(RAIDCALL.COM) C:\Raidcall\raidcall.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\LoLLauncher.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-02-10] (VIA)
HKLM-x32\...\Run: [AVG9_TRAY] => C:\Program Files (x86)\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-2784165769-1259122930-484551453-1000\...\Run: [F.lux] => C:\Users\Main\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-2784165769-1259122930-484551453-1000\...\Run: [uTorrent] => C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe [1266520 2014-04-23] (BitTorrent Inc.)
HKU\S-1-5-21-2784165769-1259122930-484551453-1000\...\Run: [puush] => C:\puush\puush.exe [567880 2014-02-05] ()
HKU\S-1-5-21-2784165769-1259122930-484551453-1000\...\Run: [Google Update] => C:\Users\Main\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-31] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD752FB8A42DACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {41CFBA32-F74A-4371-9023-673304F4632F} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 64.140.114.21 64.140.114.22 64.140.114.23
 
FireFox:
========
FF ProfilePath: C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://swagbucks.com/?cmd=home
FF Keyword.URL: chrome://browser-region/locale/region.properties
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Main\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @softnyxNpruntime - C:\gunbound\SoftnyxGame\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Main\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Main\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Main\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Main\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Main\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Main\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\searchplugins\swagbuckscom.xml
FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}-trash [2011-01-21]
FF Extension: Adblock Plus - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-07-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-04]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-06]
FF HKLM-x32\...\Firefox\Extensions: [FFToolbar@bitdefender.com] - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF HKLM-x32\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files (x86)\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\Firefox [2010-09-10]
FF StartMenuInternet: FIREFOX.EXE - C:\Users\Main\Downloads\firefox.exe
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.ca/
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC7361ECE-7DD2-4802-A13D-9F1968D07CB2"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Happy Cloud Plugin) - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Raidcall plugin) - C:\Users\Main\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (NyxLauncher ) - C:\gunbound\SoftnyxGame\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll ( )
CHR Plugin: (iTunes Application Detector) - C:\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (SPOI Options) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn [2013-08-19]
CHR Extension: (YouTube) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Adblock Plus) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-05-27]
CHR Extension: (Google Search) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (AdBlock) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-29]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-04-05]
CHR Extension: (League of Legends Events) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfnfkjennojjkajjmghdgkibohcnefdk [2013-02-17]
CHR Extension: (Skype Click to Call) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-05-19]
CHR Extension: (Ghostery) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-01]
CHR Extension: (Google Wallet) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
R2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-09-10] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-09-10] (AVG Technologies CZ, s.r.o.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3826032 2010-04-26] (INCA Internet Co., Ltd.)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-12] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-05-20] (Echobit, LLC)
S3 Gun; C:\Windows\system32\Gun64.sys [30840 2011-03-28] ()
S3 GunBod; C:\gunbound\SoftnyxGame\GunBoundIS\avital\gunbod64.sys [82320 2013-05-06] ()
S3 JRSKD24; C:\Windows\SysWOW64\JRSKD24.SYS [9216 2011-02-08] (SoftForum Corporation)
S3 JRSUKD24; C:\Windows\SysWOW64\JRSUKD24.SYS [6784 2011-02-08] (SoftForum Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2013-10-13] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-10-13] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30888 2013-10-13] (Razer Inc)
S1 StarOpen; C:\Windows\SysWOW64\Drivers\StarOpen.sys [5504 2008-11-28] ()
S3 WinRing0_1_2_0; C:\Junk\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dump_wmimmc; \??\C:\Users\Main\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-08 21:45 - 2014-05-08 21:47 - 00023918 _____ () C:\Users\Main\Downloads\FRST.txt
2014-05-08 21:44 - 2014-05-08 21:45 - 00000000 ____D () C:\FRST
2014-05-08 21:28 - 2014-05-08 21:28 - 02063872 _____ (Farbar) C:\Users\Main\Downloads\FRST64.exe
2014-05-08 21:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-08 20:58 - 2014-05-08 21:13 - 00000000 ____D () C:\AdwCleaner
2014-05-08 20:58 - 2014-05-08 20:58 - 01316991 _____ () C:\Users\Main\Downloads\adwcleaner (1).exe
2014-05-08 20:56 - 2014-05-08 20:56 - 01316991 _____ () C:\Users\Main\Downloads\adwcleaner.exe
2014-05-07 03:46 - 2014-05-07 03:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 15:06 - 2014-04-13 22:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 15:06 - 2014-04-13 22:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-03 00:26 - 2014-04-29 10:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 00:26 - 2014-04-29 09:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 00:26 - 2014-04-29 08:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 00:26 - 2014-04-29 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 23:09 - 2014-05-02 23:09 - 00000125 _____ () C:\Users\Main\Desktop\residences york.txt
2014-05-02 04:58 - 2014-05-02 04:58 - 00688992 ____R (Swearware) C:\Users\Main\Downloads\dds.com
2014-05-02 03:40 - 2014-05-02 03:40 - 00021332 _____ () C:\ComboFix.txt
2014-05-02 03:04 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-02 03:04 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-02 03:04 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-02 03:04 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-02 03:04 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-02 03:04 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-02 03:04 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-02 03:04 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-02 03:01 - 2014-05-02 03:41 - 00000000 ____D () C:\Qoobox
2014-05-02 03:01 - 2014-05-02 03:36 - 00000000 ____D () C:\Windows\erdnt
2014-05-02 03:00 - 2014-05-02 03:00 - 05197895 ____R (Swearware) C:\Users\Main\Downloads\ComboFix.exe
2014-04-29 02:55 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 02:55 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 02:55 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 02:55 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 02:55 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 02:55 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 02:55 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 02:55 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-29 02:55 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 02:55 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 02:55 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 02:55 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 02:55 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 02:55 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 02:55 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 02:55 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-29 02:55 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-29 02:55 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-29 02:55 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 02:55 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 02:55 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-29 02:55 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-29 02:55 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-29 02:55 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-29 02:55 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 02:55 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-29 02:55 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-29 02:55 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-29 02:55 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-29 02:55 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 02:55 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-29 02:55 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 02:55 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-29 02:55 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-29 02:55 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 02:55 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-29 02:55 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-29 02:55 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-29 02:55 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 02:55 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-29 02:55 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 02:55 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-29 02:55 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-29 02:55 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-24 08:05 - 2014-04-24 08:05 - 00000633 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-04-24 08:05 - 2014-04-24 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-04-24 08:03 - 2014-04-24 08:03 - 24677393 _____ () C:\Users\Main\Downloads\vlc-2.1.3-win32.exe
2014-04-24 08:02 - 2014-04-24 08:06 - 00000000 ____D () C:\Users\Main\AppData\Roaming\livestreamer
2014-04-24 08:01 - 2014-04-24 08:01 - 04065574 _____ () C:\Users\Main\Downloads\livestreamer-v1.8.0-win32-setup.exe
2014-04-24 05:12 - 2014-04-24 05:12 - 00000000 ____D () C:\Users\Main\Downloads\Replus - Ordinary Landscape[2011.11.09]
2014-04-24 05:07 - 2014-04-24 05:07 - 84543039 _____ () C:\Users\Main\Downloads\Replus - Ordinary Landscape[2011.11.09] (1).rar
2014-04-24 04:38 - 2014-04-24 04:42 - 84543039 _____ () C:\Users\Main\Downloads\Replus - Ordinary Landscape[2011.11.09].rar
2014-04-24 04:35 - 2014-04-24 04:35 - 00017327 _____ () C:\Users\Main\Downloads\replus - Everlasting Truth - 2010 (CD - MP3 - V0 (VBR)).torrent
2014-04-24 04:26 - 2014-04-24 04:26 - 00018654 _____ () C:\Users\Main\Downloads\replus - Ordinary Landscape - 2011 (WEB - MP3 - V0 (VBR)).torrent
2014-04-24 04:26 - 2014-04-24 04:26 - 00018654 _____ () C:\Users\Main\Downloads\replus - Ordinary Landscape - 2011 (WEB - MP3 - V0 (VBR)) (1).torrent
2014-04-21 19:53 - 2014-04-21 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 19:53 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 19:53 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 19:53 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-21 19:53 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-21 19:51 - 2014-04-21 19:53 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-12 15:27 - 2014-04-12 15:27 - 00000034 _____ () C:\Users\Main\Desktop\steam for csgo.txt
2014-04-12 02:15 - 2014-04-12 02:15 - 00000000 ____D () C:\Users\Main\AppData\Local\Arktos Entertainment
2014-04-12 02:11 - 2014-04-12 03:28 - 00291128 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-12 02:11 - 2014-04-12 02:11 - 00000000 ____D () C:\Users\Main\Documents\Arktos
2014-04-12 02:11 - 2014-04-12 02:11 - 00000000 ____D () C:\Users\Main\AppData\Local\PunkBuster
2014-04-12 02:11 - 2014-04-12 02:11 - 00000000 ____D () C:\Users\Main\AppData\Local\Arktos
2014-04-12 02:10 - 2014-04-12 03:28 - 00291128 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-12 02:10 - 2014-04-12 02:11 - 00291128 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-12 02:10 - 2014-04-12 02:10 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-12 00:19 - 2014-04-12 00:19 - 00000202 _____ () C:\Users\Main\Desktop\Infestation Survivor Stories.url
2014-04-09 23:18 - 2014-04-09 23:18 - 00004818 _____ () C:\Users\Main\Downloads\LOL_OPGG_Observer_1215159805 (1).bat
2014-04-09 23:17 - 2014-04-09 23:17 - 00004818 _____ () C:\Users\Main\Downloads\LOL_OPGG_Observer_1215159805.bat
2014-04-09 18:19 - 2014-04-09 19:33 - 00001794 _____ () C:\Users\Main\Desktop\chrome.lnk
2014-04-08 17:30 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 17:30 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 17:30 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 17:30 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 17:30 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 17:29 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 17:29 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 17:29 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 17:29 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 17:29 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 17:29 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 17:29 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 17:29 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 17:29 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 17:29 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 17:29 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 17:29 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-08 21:47 - 2014-05-08 21:45 - 00023918 _____ () C:\Users\Main\Downloads\FRST.txt
2014-05-08 21:47 - 2011-01-15 21:41 - 00000000 ____D () C:\Users\Main\AppData\Roaming\uTorrent
2014-05-08 21:47 - 2010-08-11 01:17 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Skype
2014-05-08 21:45 - 2014-05-08 21:44 - 00000000 ____D () C:\FRST
2014-05-08 21:28 - 2014-05-08 21:28 - 02063872 _____ (Farbar) C:\Users\Main\Downloads\FRST64.exe
2014-05-08 21:24 - 2014-03-31 23:12 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2784165769-1259122930-484551453-1000UA.job
2014-05-08 21:23 - 2009-07-14 00:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 21:23 - 2009-07-14 00:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 21:20 - 2010-07-14 13:48 - 01242490 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 21:17 - 2010-08-11 01:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 21:15 - 2013-11-25 13:51 - 00242699 _____ () C:\Windows\setupact.log
2014-05-08 21:14 - 2013-11-25 17:02 - 00228890 _____ () C:\Windows\PFRO.log
2014-05-08 21:14 - 2011-03-07 16:28 - 00000000 ____D () C:\ProgramData\Kodak
2014-05-08 21:14 - 2010-08-11 01:15 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 21:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 21:13 - 2014-05-08 20:58 - 00000000 ____D () C:\AdwCleaner
2014-05-08 21:01 - 2012-04-06 10:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 20:58 - 2014-05-08 20:58 - 01316991 _____ () C:\Users\Main\Downloads\adwcleaner (1).exe
2014-05-08 20:56 - 2014-05-08 20:56 - 01316991 _____ () C:\Users\Main\Downloads\adwcleaner.exe
2014-05-08 20:42 - 2010-10-11 18:24 - 00000000 _____ () C:\Users\Main\AppData\Local\prvlcl.dat
2014-05-08 20:24 - 2010-09-10 18:29 - 00000000 ____D () C:\Windows\system32\Drivers\Avg
2014-05-08 00:24 - 2014-03-31 23:12 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2784165769-1259122930-484551453-1000Core.job
2014-05-08 00:19 - 2014-03-31 23:12 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2784165769-1259122930-484551453-1000UA
2014-05-08 00:19 - 2014-03-31 23:12 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2784165769-1259122930-484551453-1000Core
2014-05-07 03:46 - 2014-05-07 03:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 19:59 - 2014-01-28 20:58 - 00000000 ____D () C:\Users\Main\AppData\Local\Battle.net
2014-05-05 19:48 - 2013-03-30 13:24 - 00000000 ____D () C:\Users\Main\AppData\Roaming\TS3Client
2014-05-05 17:11 - 2010-08-11 01:15 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-05 17:11 - 2010-08-11 01:15 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-04 00:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-03 16:40 - 2010-09-10 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Free 9.0
2014-05-03 16:39 - 2010-09-10 18:28 - 00000000 ____D () C:\ProgramData\avg9
2014-05-02 23:09 - 2014-05-02 23:09 - 00000125 _____ () C:\Users\Main\Desktop\residences york.txt
2014-05-02 04:58 - 2014-05-02 04:58 - 00688992 ____R (Swearware) C:\Users\Main\Downloads\dds.com
2014-05-02 03:41 - 2014-05-02 03:01 - 00000000 ____D () C:\Qoobox
2014-05-02 03:41 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-05-02 03:40 - 2014-05-02 03:40 - 00021332 _____ () C:\ComboFix.txt
2014-05-02 03:36 - 2014-05-02 03:01 - 00000000 ____D () C:\Windows\erdnt
2014-05-02 03:23 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-02 03:00 - 2014-05-02 03:00 - 05197895 ____R (Swearware) C:\Users\Main\Downloads\ComboFix.exe
2014-04-30 23:01 - 2012-04-06 10:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 23:01 - 2012-04-06 10:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 23:01 - 2011-05-16 10:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 21:18 - 2010-07-14 15:23 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Mozilla
2014-04-29 19:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-29 16:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-29 10:01 - 2014-05-03 00:26 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 09:40 - 2014-05-03 00:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 08:48 - 2014-05-03 00:26 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 08:34 - 2014-05-03 00:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-27 01:57 - 2013-05-21 18:29 - 00000773 _____ () C:\Users\Main\Desktop\pws.txt
2014-04-24 21:33 - 2010-07-28 13:46 - 00000000 ____D () C:\Steam
2014-04-24 20:28 - 2010-07-16 15:34 - 00000000 ___RD () C:\Users\Main\Desktop\Guitar
2014-04-24 08:06 - 2014-04-24 08:02 - 00000000 ____D () C:\Users\Main\AppData\Roaming\livestreamer
2014-04-24 08:05 - 2014-04-24 08:05 - 00000633 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-04-24 08:05 - 2014-04-24 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-04-24 08:03 - 2014-04-24 08:03 - 24677393 _____ () C:\Users\Main\Downloads\vlc-2.1.3-win32.exe
2014-04-24 08:02 - 2013-03-08 23:47 - 00000000 ____D () C:\Users\Main\Desktop\torrents n bleep
2014-04-24 08:01 - 2014-04-24 08:01 - 04065574 _____ () C:\Users\Main\Downloads\livestreamer-v1.8.0-win32-setup.exe
2014-04-24 05:12 - 2014-04-24 05:12 - 00000000 ____D () C:\Users\Main\Downloads\Replus - Ordinary Landscape[2011.11.09]
2014-04-24 05:07 - 2014-04-24 05:07 - 84543039 _____ () C:\Users\Main\Downloads\Replus - Ordinary Landscape[2011.11.09] (1).rar
2014-04-24 04:42 - 2014-04-24 04:38 - 84543039 _____ () C:\Users\Main\Downloads\Replus - Ordinary Landscape[2011.11.09].rar
2014-04-24 04:35 - 2014-04-24 04:35 - 00017327 _____ () C:\Users\Main\Downloads\replus - Everlasting Truth - 2010 (CD - MP3 - V0 (VBR)).torrent
2014-04-24 04:26 - 2014-04-24 04:26 - 00018654 _____ () C:\Users\Main\Downloads\replus - Ordinary Landscape - 2011 (WEB - MP3 - V0 (VBR)).torrent
2014-04-24 04:26 - 2014-04-24 04:26 - 00018654 _____ () C:\Users\Main\Downloads\replus - Ordinary Landscape - 2011 (WEB - MP3 - V0 (VBR)) (1).torrent
2014-04-21 19:53 - 2014-04-21 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 19:53 - 2014-04-21 19:51 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 19:53 - 2013-10-15 17:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 19:53 - 2010-07-16 15:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-18 18:12 - 2014-01-28 23:03 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-14 20:13 - 2014-04-21 19:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-21 19:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-21 19:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-21 19:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 22:24 - 2014-05-06 15:06 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-13 22:19 - 2014-05-06 15:06 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 15:27 - 2014-04-12 15:27 - 00000034 _____ () C:\Users\Main\Desktop\steam for csgo.txt
2014-04-12 03:28 - 2014-04-12 02:11 - 00291128 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-12 03:28 - 2014-04-12 02:10 - 00291128 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-12 02:15 - 2014-04-12 02:15 - 00000000 ____D () C:\Users\Main\AppData\Local\Arktos Entertainment
2014-04-12 02:11 - 2014-04-12 02:11 - 00000000 ____D () C:\Users\Main\Documents\Arktos
2014-04-12 02:11 - 2014-04-12 02:11 - 00000000 ____D () C:\Users\Main\AppData\Local\PunkBuster
2014-04-12 02:11 - 2014-04-12 02:11 - 00000000 ____D () C:\Users\Main\AppData\Local\Arktos
2014-04-12 02:11 - 2014-04-12 02:10 - 00291128 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-12 02:10 - 2014-04-12 02:10 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-12 02:08 - 2011-05-28 17:13 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-04-12 02:07 - 2011-05-28 17:13 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-04-12 00:19 - 2014-04-12 00:19 - 00000202 _____ () C:\Users\Main\Desktop\Infestation Survivor Stories.url
2014-04-09 23:18 - 2014-04-09 23:18 - 00004818 _____ () C:\Users\Main\Downloads\LOL_OPGG_Observer_1215159805 (1).bat
2014-04-09 23:17 - 2014-04-09 23:17 - 00004818 _____ () C:\Users\Main\Downloads\LOL_OPGG_Observer_1215159805.bat
2014-04-09 19:33 - 2014-04-09 18:19 - 00001794 _____ () C:\Users\Main\Desktop\chrome.lnk
2014-04-09 02:16 - 2013-08-19 00:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 02:15 - 2013-07-27 18:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 02:12 - 2010-07-14 15:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 15:49 - 2010-07-14 13:55 - 00126208 _____ () C:\Users\Main\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-08 15:49 - 2009-07-14 00:45 - 00459592 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Files to move or delete:
====================
C:\Users\Main\jagex_cl_loginapplet_LIVE.dat
C:\Users\Main\jagex_cl_oldschool_LIVE.dat
C:\Users\Main\jagex_cl_runescape_LIVE.dat
C:\Users\Main\jagex_cl_runescape_LIVE1.dat
C:\Users\Main\jagex_cl_runescape_LIVE2.dat
C:\Users\Main\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Main\jagex_runescape_preferences.dat
C:\Users\Main\jagex_runescape_preferences2.dat
C:\Users\Main\random.dat
C:\Users\Main\random_12430212.dat
C:\Users\Main\random_12483412.dat
C:\Users\Main\random_12494cfc.dat
C:\Users\Main\random_168c659f.dat
C:\Users\Main\random_16956256.dat
C:\Users\Main\random_16994d57.dat
C:\Users\Main\random_17a41fca.dat
C:\Users\Main\random_17ae7b3d.dat
C:\Users\Main\random_17d6eb14.dat
C:\Users\Main\random_1813fa40.dat
C:\Users\Main\random_18f86163.dat
C:\Users\Main\random_18fe2854.dat
C:\Users\Main\random_1c690dcb.dat
C:\Users\Main\random_1cb4fe5a.dat
C:\Users\Main\random_1e07fa31.dat
C:\Users\Main\random_21cc2365.dat
C:\Users\Main\random_2202e946.dat
C:\Users\Main\random_22559713.dat
C:\Users\Main\random_238ab95a.dat
C:\Users\Main\random_23d6d158.dat
C:\Users\Main\random_23da1654.dat
C:\Users\Main\random_26abe77a.dat
C:\Users\Main\random_2bf4474d.dat
C:\Users\Main\random_2d373bc1.dat
C:\Users\Main\random_2d7d01b7.dat
C:\Users\Main\random_31d1da0d.dat
C:\Users\Main\random_331c99ec.dat
C:\Users\Main\random_3633cf5d.dat
C:\Users\Main\random_368de7a4.dat
C:\Users\Main\random_3bfdba80.dat
C:\Users\Main\random_3cbeb874.dat
C:\Users\Main\random_4421ee24.dat
C:\Users\Main\random_4cbbf802.dat
C:\Users\Main\random_524ae474.dat
C:\Users\Main\random_55a547fb.dat
C:\Users\Main\random_5722dcc6.dat
 
 
Some content of TEMP:
====================
C:\Users\Main\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-29 00:07
 
==================== End Of Log ============================
 
 
 

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
AVG Anti-Virus Free             
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 55  
 Adobe Flash Player 13.0.0.206  
 Adobe Reader XI  
 Mozilla Firefox 23.0 Firefox out of Date!
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 AVG avgwdsvc.exe 
 AVG avgtray.exe 
 AVG avgemc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
 

Edited by embarrassed, 08 May 2014 - 09:11 PM.


#7 nasdaq

  • Malware Response Team
  • 38,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 May 2014 - 08:29 AM

The SecurityCheck log is clean.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
(BitTorrent Inc.) C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe
HKU\S-1-5-21-2784165769-1259122930-484551453-1000\...\Run: [uTorrent] => C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe [1266520 2014-04-23] (BitTorrent Inc.)
SearchScopes: HKCU - {41CFBA32-F74A-4371-9023-673304F4632F} URL =
FF Homepage: hxxp://swagbucks.com/?cmd=home
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}-trash [2011-01-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-07-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-04]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-06]
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC7361ECE-7DD2-4802-A13D-9F1968D07CB2"
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Ghostery) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-01]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dump_wmimmc; \??\C:\Users\Main\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
C:\Users\Main\jagex_cl_loginapplet_LIVE.dat
C:\Users\Main\jagex_cl_oldschool_LIVE.dat
C:\Users\Main\jagex_cl_runescape_LIVE.dat
C:\Users\Main\jagex_cl_runescape_LIVE1.dat
C:\Users\Main\jagex_cl_runescape_LIVE2.dat
C:\Users\Main\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Main\jagex_runescape_preferences.dat
C:\Users\Main\jagex_runescape_preferences2.dat
C:\Users\Main\random.dat
C:\Users\Main\random_12430212.dat
C:\Users\Main\random_12483412.dat
C:\Users\Main\random_12494cfc.dat
C:\Users\Main\random_168c659f.dat
C:\Users\Main\random_16956256.dat
C:\Users\Main\random_16994d57.dat
C:\Users\Main\random_17a41fca.dat
C:\Users\Main\random_17ae7b3d.dat
C:\Users\Main\random_17d6eb14.dat
C:\Users\Main\random_1813fa40.dat
C:\Users\Main\random_18f86163.dat
C:\Users\Main\random_18fe2854.dat
C:\Users\Main\random_1c690dcb.dat
C:\Users\Main\random_1cb4fe5a.dat
C:\Users\Main\random_1e07fa31.dat
C:\Users\Main\random_21cc2365.dat
C:\Users\Main\random_2202e946.dat
C:\Users\Main\random_22559713.dat
C:\Users\Main\random_238ab95a.dat
C:\Users\Main\random_23d6d158.dat
C:\Users\Main\random_23da1654.dat
C:\Users\Main\random_26abe77a.dat
C:\Users\Main\random_2bf4474d.dat
C:\Users\Main\random_2d373bc1.dat
C:\Users\Main\random_2d7d01b7.dat
C:\Users\Main\random_31d1da0d.dat
C:\Users\Main\random_331c99ec.dat
C:\Users\Main\random_3633cf5d.dat
C:\Users\Main\random_368de7a4.dat
C:\Users\Main\random_3bfdba80.dat
C:\Users\Main\random_3cbeb874.dat
C:\Users\Main\random_4421ee24.dat
C:\Users\Main\random_4cbbf802.dat
C:\Users\Main\random_524ae474.dat
C:\Users\Main\random_55a547fb.dat
C:\Users\Main\random_5722dcc6.dat

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.


Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know of any remaining issues.
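
The fix above works because FRST matches each fixlist line literally against its own log, so the helper's job is really the triage step: deciding which log lines are worth carrying into fixlist.txt. As an added example, not part of the thread and not code from FRST or its author, the Python below does the mechanical part of that triage over FRST-style lines: orphaned services and drivers (the `[X]` entries), browser plugins whose DLL is gone (`No File`), Run entries launched from a user profile or with no version info, and start/search URLs pointing at a known hijacker host. The hijacker host list (only search.conduit.com, the one in this thread), the reason strings, and the sample log lines are constructed for the example; the trailing "(Company)" on an FRST line is the file's version-resource string, not a signature check, so the autorun rule only flags for review rather than deciding.

```python
"""
Mechanical part of the FRST log triage done by hand in this thread: pick out
the lines a helper would usually carry into fixlist.txt and render them in the
fixlist layout (verbatim lines between 'start' and 'End').

Example code written for this page; it is not part of FRST or of the thread.
The sample log lines are constructed to mirror the shapes seen in the logs.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Hosts that mark a browser start/search URL as a hijacker. Only the one that
# appears in this thread is listed; the list is this example's assumption.
HIJACKER_HOSTS = ("search.conduit.com",)

# Service/driver entry whose image file is missing: FRST marks it with [X].
SERVICE_ORPHAN_RE = re.compile(
    r"^[RSU]\d\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[X\]\s*$")
# Browser plugin whose DLL is gone: FRST appends "No File".
PLUGIN_ORPHAN_RE = re.compile(r"^(?:FF|CHR) Plugin(?:-x32)?:.*\sNo File\s*$")
# Run/RunOnce autorun: hive, value name and target path.
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|U\\[^\\]+))\\\.\.\.\\Run(?:Once)?:\s+\[(?P<name>[^\]]+)\]"
    r"\s+=>\s+(?P<path>[^\[]+?)\s+\[")
BROWSER_URL_RE = re.compile(r"^(?:FF Homepage|CHR StartupUrls|SearchScopes):")


@dataclass(frozen=True)
class Finding:
    reason: str  # why the line is a fixlist candidate
    line: str    # the FRST line verbatim; FRST matches fixlist lines literally


def classify(line: str) -> Optional[str]:
    """Return the reason a line is a fixlist candidate, or None to keep it."""
    s = line.rstrip()
    if SERVICE_ORPHAN_RE.match(s):
        return "orphaned service/driver: registry entry but image file missing"
    if PLUGIN_ORPHAN_RE.match(s):
        return "orphaned browser plugin: DLL no longer on disk"
    m = RUN_RE.match(s)
    if m:
        # "(Company)" at the end is version-resource text, not an Authenticode
        # result, so a user-profile path or an empty "()" is only a review flag.
        runs_from_profile = "\\appdata\\" in m.group("path").lower()
        no_version_info = s.endswith("()")
        if runs_from_profile or no_version_info:
            return "autorun from a user profile or without version info: review"
        return None
    if BROWSER_URL_RE.match(s) and any(h in s.lower() for h in HIJACKER_HOSTS):
        return "browser start/search URL points at a known hijacker host"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan FRST-style log text and collect fixlist candidates in log order."""
    findings = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason is not None:
            findings.append(Finding(reason, raw.rstrip()))
    return findings


def make_fixlist(findings: List[Finding]) -> str:
    """Render candidates in the layout FRST reads from fixlist.txt."""
    return "start\n" + "\n".join(f.line for f in findings) + "\nEnd\n"


# Constructed sample: running service, live driver, two orphaned drivers, a
# profile-resident autorun, a vendor autorun, two dead plugins, a live
# extension and a hijacked start URL.
SAMPLE_LOG = r"""
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-12] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
HKU\S-1-5-21-2784165769-1259122930-484551453-1000\...\Run: [uTorrent] => C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe [1266520 2014-04-23] (BitTorrent Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266520 2014-03-11] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (Ghostery) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-01]
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3312375"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:<70} {f.line}")
    print(make_fixlist(triage(SAMPLE_LOG)))
```

Run it on a saved FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`; the output is a starting point for fixlist.txt, not a finished one. Entries the rules leave alone (the Ghostery extension above, for instance) may still be removed by a helper on judgement, and anything the rules flag should be read against the rest of the log before it goes into the fix.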

#8 embarrassed

  • Topic Starter
  • Members
  • 9 posts

Posted 09 May 2014 - 01:21 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2014 01
Ran by Main at 2014-05-09 14:19:19 Run:1
Running from C:\Users\Main\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
(BitTorrent Inc.) C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe
HKU\S-1-5-21-2784165769-1259122930-484551453-1000\...\Run: [uTorrent] => C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe [1266520 2014-04-23] (BitTorrent Inc.)
SearchScopes: HKCU - {41CFBA32-F74A-4371-9023-673304F4632F} URL =
FF Homepage: hxxp://swagbucks.com/?cmd=home
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}-trash [2011-01-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-07-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-04]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-06]
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC7361ECE-7DD2-4802-A13D-9F1968D07CB2"
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Ghostery) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-01]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dump_wmimmc; \??\C:\Users\Main\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
C:\Users\Main\jagex_cl_loginapplet_LIVE.dat
C:\Users\Main\jagex_cl_oldschool_LIVE.dat
C:\Users\Main\jagex_cl_runescape_LIVE.dat
C:\Users\Main\jagex_cl_runescape_LIVE1.dat
C:\Users\Main\jagex_cl_runescape_LIVE2.dat
C:\Users\Main\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Main\jagex_runescape_preferences.dat
C:\Users\Main\jagex_runescape_preferences2.dat
C:\Users\Main\random.dat
C:\Users\Main\random_12430212.dat
C:\Users\Main\random_12483412.dat
C:\Users\Main\random_12494cfc.dat
C:\Users\Main\random_168c659f.dat
C:\Users\Main\random_16956256.dat
C:\Users\Main\random_16994d57.dat
C:\Users\Main\random_17a41fca.dat
C:\Users\Main\random_17ae7b3d.dat
C:\Users\Main\random_17d6eb14.dat
C:\Users\Main\random_1813fa40.dat
C:\Users\Main\random_18f86163.dat
C:\Users\Main\random_18fe2854.dat
C:\Users\Main\random_1c690dcb.dat
C:\Users\Main\random_1cb4fe5a.dat
C:\Users\Main\random_1e07fa31.dat
C:\Users\Main\random_21cc2365.dat
C:\Users\Main\random_2202e946.dat
C:\Users\Main\random_22559713.dat
C:\Users\Main\random_238ab95a.dat
C:\Users\Main\random_23d6d158.dat
C:\Users\Main\random_23da1654.dat
C:\Users\Main\random_26abe77a.dat
C:\Users\Main\random_2bf4474d.dat
C:\Users\Main\random_2d373bc1.dat
C:\Users\Main\random_2d7d01b7.dat
C:\Users\Main\random_31d1da0d.dat
C:\Users\Main\random_331c99ec.dat
C:\Users\Main\random_3633cf5d.dat
C:\Users\Main\random_368de7a4.dat
C:\Users\Main\random_3bfdba80.dat
C:\Users\Main\random_3cbeb874.dat
C:\Users\Main\random_4421ee24.dat
C:\Users\Main\random_4cbbf802.dat
C:\Users\Main\random_524ae474.dat
C:\Users\Main\random_55a547fb.dat
C:\Users\Main\random_5722dcc6.dat
 
End
*****************
 
[3804] C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe => Process closed successfully.
HKU\S-1-5-21-2784165769-1259122930-484551453-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41CFBA32-F74A-4371-9023-673304F4632F} => Key deleted successfully.
HKCR\CLSID\{41CFBA32-F74A-4371-9023-673304F4632F} => Key not found.
Firefox homepage deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\ql2vrjfy.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}-trash => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} => Moved successfully.
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC7361ECE-7DD2-4802-A13D-9F1968D07CB2" ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij => Moved successfully.
catchme => Service deleted successfully.
dump_wmimmc => Service deleted successfully.
EagleX64 => Service deleted successfully.
NLNdisMP => Service deleted successfully.
NLNdisPT => Service deleted successfully.
C:\Users\Main\jagex_cl_loginapplet_LIVE.dat => Moved successfully.
C:\Users\Main\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Main\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Main\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Main\jagex_cl_runescape_LIVE2.dat => Moved successfully.
C:\Users\Main\jagex_cl_runescape_LIVE_BETA.dat => Moved successfully.
C:\Users\Main\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Main\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Main\random.dat => Moved successfully.
C:\Users\Main\random_12430212.dat => Moved successfully.
C:\Users\Main\random_12483412.dat => Moved successfully.
C:\Users\Main\random_12494cfc.dat => Moved successfully.
C:\Users\Main\random_168c659f.dat => Moved successfully.
C:\Users\Main\random_16956256.dat => Moved successfully.
C:\Users\Main\random_16994d57.dat => Moved successfully.
C:\Users\Main\random_17a41fca.dat => Moved successfully.
C:\Users\Main\random_17ae7b3d.dat => Moved successfully.
C:\Users\Main\random_17d6eb14.dat => Moved successfully.
C:\Users\Main\random_1813fa40.dat => Moved successfully.
C:\Users\Main\random_18f86163.dat => Moved successfully.
C:\Users\Main\random_18fe2854.dat => Moved successfully.
C:\Users\Main\random_1c690dcb.dat => Moved successfully.
C:\Users\Main\random_1cb4fe5a.dat => Moved successfully.
C:\Users\Main\random_1e07fa31.dat => Moved successfully.
C:\Users\Main\random_21cc2365.dat => Moved successfully.
C:\Users\Main\random_2202e946.dat => Moved successfully.
C:\Users\Main\random_22559713.dat => Moved successfully.
C:\Users\Main\random_238ab95a.dat => Moved successfully.
C:\Users\Main\random_23d6d158.dat => Moved successfully.
C:\Users\Main\random_23da1654.dat => Moved successfully.
C:\Users\Main\random_26abe77a.dat => Moved successfully.
C:\Users\Main\random_2bf4474d.dat => Moved successfully.
C:\Users\Main\random_2d373bc1.dat => Moved successfully.
C:\Users\Main\random_2d7d01b7.dat => Moved successfully.
C:\Users\Main\random_31d1da0d.dat => Moved successfully.
C:\Users\Main\random_331c99ec.dat => Moved successfully.
C:\Users\Main\random_3633cf5d.dat => Moved successfully.
C:\Users\Main\random_368de7a4.dat => Moved successfully.
C:\Users\Main\random_3bfdba80.dat => Moved successfully.
C:\Users\Main\random_3cbeb874.dat => Moved successfully.
C:\Users\Main\random_4421ee24.dat => Moved successfully.
C:\Users\Main\random_4cbbf802.dat => Moved successfully.
C:\Users\Main\random_524ae474.dat => Moved successfully.
C:\Users\Main\random_55a547fb.dat => Moved successfully.
C:\Users\Main\random_5722dcc6.dat => Moved successfully.
 
==== End of Fixlog ====
 
 
Thanks for everything, I'm grateful for your help!


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:21 AM

Posted 10 May 2014 - 08:33 AM

Glad we could help.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:21 AM

Posted 16 May 2014 - 10:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
